2014-12-03 3:14 GMT+01:00 Joseph Walton :
> The workaround (copying struts.excludedClasses across from the defaults and
> removing java.lang.Class) works for me for now. I'll consider this another
> warning about static methods going away rather than looking at a fix or
> opening a WW.
>
> This mig
On 2 December 2014 at 20:24, Lukasz Lenart wrote:
> 2014-12-02 10:00 GMT+01:00 Joseph Walton :
> > I have OGNL expressions where I’m invoking static methods, and I’m
> specifically setting 'struts.ognl.allowStaticMethodAccess’ to allow that.
> >
> > Now, in 2.3.20, these invocations are checked b
2014-12-02 10:00 GMT+01:00 Joseph Walton :
> I have OGNL expressions where I’m invoking static methods, and I’m
> specifically setting 'struts.ognl.allowStaticMethodAccess’ to allow that.
>
> Now, in 2.3.20, these invocations are checked by
> SecurityMemberAccess.isClassExcluded with Class.class
