2007/7/16, Ing. Andrea Vettori <[EMAIL PROTECTED]>:
It's already known and a patch already exists.
Well, in fact the patch does not prevent execution of OGNL commands, but disallows entering possibly malicious code, i.e. an expression like %{xxx} is illegal: instead it should be evaluated as the string "%{xxx}".

Antonio