2014-12-03 3:14 GMT+01:00 Joseph Walton :
> The workaround (copying struts.excludedClasses across from the defaults and
> removing java.lang.Class) works for me for now. I'll consider this another
> warning about static methods going away rather than looking at a fix or
> opening a WW.
>
> This mig
On 2 December 2014 at 20:24, Lukasz Lenart wrote:
> 2014-12-02 10:00 GMT+01:00 Joseph Walton :
> > I have OGNL expressions where I’m invoking static methods, and I’m
> specifically setting 'struts.ognl.allowStaticMethodAccess’ to allow that.
> >
> > Now, in 2.3.20, these invocations are checked b
2014-12-02 10:00 GMT+01:00 Joseph Walton :
> I have OGNL expressions where I’m invoking static methods, and I’m
> specifically setting 'struts.ognl.allowStaticMethodAccess’ to allow that.
>
> Now, in 2.3.20, these invocations are checked by
> SecurityMemberAccess.isClassExcluded with Class.class
I have OGNL expressions where I’m invoking static methods, and I’m specifically
setting 'struts.ognl.allowStaticMethodAccess’ to allow that.
Now, in 2.3.20, these invocations are checked by
SecurityMemberAccess.isClassExcluded with Class.class as the first argument.
Since this appears on the de
