Isn't it already "decoupled" since OGNL is a separate project? I mean, of course Struts 2 needs mediating code to support it, but how coupled is it really?
Paul On Wed, Sep 4, 2013 at 8:04 AM, Christian Grobmeier <grobme...@gmail.com>wrote: > Folks, > > when researching on OGNL i found this link: > https://cwiki.apache.org/confluence/display/S2WIKI/OGNL+replacement > > In 2008 Brian mentioned "Security risks keep appearing" along with OGNL > and collected the places where we use OGNL. Given the recent events I > thought it might be good to bring this up again. Please also note, I > have helped with OGNLs incubation and I am also touchign it over in > Commons land. My impression is OGNL is not easy to understand and there > is not really much interest from other people to develop on it. > > Looking at this list I feel OGNL is pretty much tied to Struts. On the > other hand we could start to slowly decouple the two. Not sure what we > should use otherwise. > > Any feelings on that? > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > > -- Cheers, Paul
