This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5340-ognl-guard
in repository https://gitbox.apache.org/repos/asf/struts.git

    omit 1401f1ef1 WW-5340 Correct optimisation
    omit 31cc8a1fb WW-5340 Refactor OgnlGuard to do the parsing
    omit a1b5d7a7d WW-5340 Add unit tests
    omit 1aeb055d6 WW-5340 Add validation to excluded node configuration
    omit 200bc0361 WW-5340 Cache OgnlGuard result
    omit fc01f1e1c WW-5340 Make OgnlGuard a configurable bean
    omit 193ef74b1 WW-5340 Fix tests
    omit 7a9c61cb6 WW-5340 Introducing OGNL Guard
     add 891598545 WW-5334 Fix empty chained context name
     add 03e232344 Merge pull request #744 from apache/WW-5334-fix-chained-contexts
     add 20e211061 Reverts version to 6.3.0-SNAPSHOT
     add 1a88f78a7 [maven-release-plugin] prepare release STRUTS_6_3_0
     add a0185f248 [maven-release-plugin] prepare for next development iteration
     add 85fe68071 Moves all CI notifications to commits@ list
     add 74e5aad4f Update .asf.yaml
     add f70feb11e Merge pull request #748 from apache/feature/notify-builds
     add 50b36695e Bump actions/checkout from 3 to 4
     add badb3f457 Merge pull request #751 from apache/dependabot/github_actions/actions/checkout-4
     add f0e3cec5c Bump actions/upload-artifact from 3.1.2 to 3.1.3
     add 59e9c18ca Merge pull request #752 from apache/dependabot/github_actions/actions/upload-artifact-3.1.3
     add 0ba2d69af [maven-release-plugin] prepare release STRUTS_6_3_0_1
     add f4253ff8f [maven-release-plugin] prepare for next development iteration
     add 4c044f125 Always delete uploaded file
     add 236ae15c6 [maven-release-plugin] prepare release STRUTS_6_3_0_1
     add b7f73715d [maven-release-plugin] prepare for next development iteration
     add 4f5c4ff00 Bump actions/cache from 3.3.1 to 3.3.2
     add 142bb9efe Merge pull request #753 from apache/dependabot/github_actions/actions/cache-3.3.2
     add 699786e19 WW-5341 Refactor SecurityMemberAccess methods for reuse
     add d6fcfd9c2 WW-5341 Clean up SecurityMemberAccess#restore
     add c57015749 WW-5341 Further refactor of OgnlUtil and SecurityMemberAccess to store excluded classes as Strings
     add a9666272e WW-5341 Move proxy check to be first
     add 1bbcc17c7 WW-5341 Split package exclusion check
     add a352132f0 WW-5341 Clean up OgnlUtilTest
     add 7c1c674a0 WW-5341 Add unit test for excluded pattern validation
     add a755c30ca WW-5341 Fix default ClassLoader
     add bc85d35a2 WW-5341 Make validation more efficient
     add 501d395b9 Merge pull request #741 from apache/WW-5341-classloaders
     add 4a5edf640 WW-5342 Ban use of default package
     add ff79c1b04 WW-5342 Implement default off option
     add bfe1f8cd3 WW-5342 Optimise package exclusion check
     add bb83a6014 Merge pull request #742 from apache/WW-5342-default-package
     add 7bd31cf31 WW-5339 Clean up OgnlValueStackTest
     add 2b70b024b WW-5339 Misc clean up in CompoundRootAccessor
     add fde2b70fa Merge pull request #745 from apache/WW-5339-cleanup
     add 19d26b29a Merge pull request #746 from apache/WW-5340-ognlutil-refactor
     add 8551a09a6 WW-5340 Introducing OGNL Guard
     add 25585617f WW-5340 Fix tests
     add f542fde45 WW-5340 Make OgnlGuard a configurable bean
     add 91d58d31d WW-5340 Cache OgnlGuard result
     add 2bca0147c WW-5340 Add validation to excluded node configuration
     add 4ff700e9a WW-5340 Add unit tests
     add a4a0d70aa WW-5340 Refactor OgnlGuard to do the parsing
     add 11e4dce71 WW-5340 Correct optimisation
     add f69364bf6 WW-5340 Rename DefaultOgnlGuard to StrutsOgnlGuard

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (1401f1ef1)
            \
             N -- N -- N   refs/heads/WW-5340-ognl-guard (f69364bf6)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 .asf.yaml                                          |   4 +-
 .github/workflows/codeql.yml                       |   2 +-
 .github/workflows/maven.yml                        |   4 +-
 .github/workflows/scorecards-analysis.yaml         |   4 +-
 Jenkinsfile                                        |   6 +-
 bom/pom.xml                                        |   2 +-
 .../xwork2/config/impl/DefaultConfiguration.java   |   4 +-
 .../StrutsDefaultConfigurationProvider.java        |   4 +-
 .../com/opensymphony/xwork2/ognl/OgnlUtil.java     | 137 ++++++------
 .../opensymphony/xwork2/ognl/OgnlValueStack.java   |   1 +
 .../xwork2/ognl/SecurityMemberAccess.java          | 113 +++++-----
 ...{DefaultOgnlGuard.java => StrutsOgnlGuard.java} |   4 +-
 .../xwork2/ognl/accessor/CompoundRootAccessor.java |  47 ++--
 .../java/org/apache/struts2/StrutsConstants.java   |   1 +
 .../multipart/JakartaMultiPartRequest.java         |  79 +++----
 core/src/main/resources/struts-beans.xml           |   2 +-
 .../xwork2/DefaultActionInvocationTest.java        |   4 +-
 .../xwork2/ognl/OgnlUtilStrutsTest.java            |   4 +-
 .../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 165 +++++++-------
 .../xwork2/ognl/OgnlValueStackTest.java            | 245 +++++++--------------
 .../xwork2/ognl/SecurityMemberAccessTest.java      | 116 +++++-----
 ...OgnlGuardTest.java => StrutsOgnlGuardTest.java} |  26 +--
 .../com/test/ExternalSecurityMemberAccess.java     |   4 +-
 .../struts2/views/velocity/VelocityManager.java    |   9 +-
 pom.xml                                            |   4 +-
 25 files changed, 443 insertions(+), 548 deletions(-)
 rename core/src/main/java/com/opensymphony/xwork2/ognl/{DefaultOgnlGuard.java => StrutsOgnlGuard.java} (96%)
 rename core/src/test/java/com/opensymphony/xwork2/ognl/{DefaultOgnlGuardTest.java => StrutsOgnlGuardTest.java} (72%)