Github user atcazzual commented on the issue: https://github.com/apache/struts/pull/157 The expression did not seem to work at all until I escaped the slashes, changing `/` to `\/` Once I got it working, there then seems to be a bug in the new expression when matching on URLs that use IP addresses. The grouping has changed causing two problems with matching IP addresses. 1. The dot `.` character that delimits the octets in an IP address only applies to the last condition, `25[0-5]\.` on line 57, instead of all conditions for an IP octet. This makes matching most IP address fail. The only IPs that will match would need to have 3-digit octets for the first three where the first two-digits are `25`. _NOTE: This seems to have been resolved by the commit above._ 2. The conditions for the last octet are no longer grouped (line 58) making the OR `|` operator act on what was a higher level group. Because of this, the fourth octet would have to be only one or two digits. For example, only IPs like the following will pass validation: http://**25**3.**25**4.**25**5.1 (mostly resolved by the commit above) http://**25**3.**25**4.**25**5.12 (mostly resolved by the commit above) After the commit above, any IP with 3 digits in the last octet will **not** pass validation: http<nolink>://1.2.3.**100** http<nolink>://1.2.3.**255**
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org