2007/7/16, Ing. Andrea Vettori <[EMAIL PROTECTED]>:
> It's already known and a patch already exists.

Well, in fact the patch does not prevent execution of OGNL commands, but
disallows entering possibly malicious code, i.e. an expression like %{xxx} is
illegal: instead it should be evaluated as the string "%{xxx}".
Antonio

