Hi,

It's due to the fixed OGNL version, which now properly supports the JavaBeans specification. You can revert to a prior version of OGNL to keep the old behaviour (the security fixes weren't related to OGNL).
See those issues
https://issues.apache.org/jira/browse/WW-3909
https://issues.apache.org/jira/browse/WW-4616

and here you have another one
https://github.com/jkuhnert/ognl/pull/21

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2016-04-06 9:59 GMT+02:00 Doug Erickson <doug.erick...@part.net>:
> It appears that a change in OGNL 3.0.13 with 2.3.28 breaks expressions that
> reference properties beginning with at least two capital letters.
> Previously, a getter like "getXXX()" could be referenced with OGNL "xXX",
> but these must be changed to "XXX".
>
> Is this expected behavior? It's a breaking change. Why the "upgrade?"
>
> I see that the solution to other problems with the OGNL update is to
> rollback OGNL library. However, will the vulnerabilities up through S2-030
> be fixed with OGNL version used in 2.3.24.1? Are there any other "features"
> of OGNL 3.0.13 that I will be missing out on?
>
> I appreciate any advice or explanation that is offered.
>
> Doug
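The naming change discussed in this thread (a getter `getXXX()` is the property "XXX", not "xXX") is the JavaBeans rule that `java.beans.Introspector` applies to getter names. The following is an added example, not code from the thread or from Struts or OGNL: it lists the property names a bean really exposes and flags old-style names that need changing. The `Report` bean and the list of names are constructed for illustration.

```java
import java.beans.*;
import java.util.*;

public class PropertyNameAudit {
    // Constructed sample bean: two getters start with two capital letters.
    public static class Report {
        public String getXXX() { return "x"; }
        public String getURL() { return "u"; }
        public String getTitle() { return "t"; }
    }

    // Readable property names as java.beans.Introspector derives them from the getters.
    static Set<String> beanProperties(Class<?> type) throws IntrospectionException {
        Set<String> names = new TreeSet<>();
        BeanInfo info = Introspector.getBeanInfo(type, Object.class);
        for (PropertyDescriptor pd : info.getPropertyDescriptors()) {
            if (pd.getReadMethod() != null) names.add(pd.getName());
        }
        return names;
    }

    // Maps each name that is not a JavaBeans property to its replacement (null if none fits).
    static Map<String, String> audit(Class<?> type, List<String> used) throws IntrospectionException {
        Set<String> valid = beanProperties(type);
        Map<String, String> fixes = new LinkedHashMap<>();
        for (String name : used) {
            if (name.isEmpty() || valid.contains(name)) continue;
            // Old-style name: first letter was lowercased regardless of the second one.
            String candidate = Character.toUpperCase(name.charAt(0)) + name.substring(1);
            fixes.put(name, valid.contains(candidate) ? candidate : null);
        }
        return fixes;
    }

    public static void main(String[] args) throws IntrospectionException {
        // Constructed list of property names as they might appear in expressions.
        List<String> used = List.of("xXX", "uRL", "title", "XXX", "missing");
        System.out.println("Bean properties: " + beanProperties(Report.class));
        audit(Report.class, used).forEach((bad, fix) ->
            System.out.println(bad + " -> " + (fix != null ? fix : "no matching getter")));
    }
}
```

Running the audit over the names used in templates before upgrading shows which expressions to rewrite, as an alternative to rolling the OGNL library back.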