That's correct, it's only enabled by default from 7.0, but I enabled it manually for the Showcase App so we can ensure its functionality and catch regressions. It seems in this case, we have an Action that utilises the Convention plugin but isn't actually covered by any tests.
On Sat, Jul 13, 2024 at 6:17 PM Lukasz Lenart <lukaszlen...@apache.org> wrote: > > sob., 13 lip 2024 o 08:05 Kusal Kithul-Godage > <kusal.kithulgod...@gmail.com> napisał(a):> > > Let me take a look, I think I overlooked testing the OGNL allowlist > > with the Convention plugin - created WW-5440 to track. > > BTW. I thought the stronger security settings have been enabled since > Struts 7, did I miss something? > > > Regards > Lukasz > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org > For additional commands, e-mail: dev-h...@struts.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
