Thank you to the dev team for the excellent work and to Lukasz for the 2.5 -> 6 
migration page.

I wanted to make a contribution to the wiki regarding an upgrade issue we 
encountered on an older system during our move from 2.5 to 6.7 due to the file 
upload path traversal vulnerability.

I didn't find a new account page on the Apache Confluence to request an account 
or I'd be happy to do it myself.

Our finding was that Struts OGNL expressions gained an imposed default maximum 
length of 256 characters at some point between 2.5 -> 6, and in order to avoid 
broken functionality from the upgrade, we had to add the 
struts.ognl.expressionMaxLength constant to our struts.xml and set it to 
something slightly longer.

https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions

How can I get a wiki account to mention it, or would someone rather update the 
migration page to mention it as a potential issue?

Thanks so much!
-Scott

Scott Hiland
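
Added example, not part of the message above and not Struts project code: a pre-upgrade check that lists the %{...} OGNL expressions in a webapp's templates and config that are longer than the 256-character default described above, so the limit is raised only as far as the longest legitimate expression. It assumes the limit applies to the text inside the %{...} delimiters and that expressions live in .jsp, .jspf, .ftl and .xml files; the function names are hypothetical.

```python
"""Added example: list %{...} OGNL expressions longer than a length limit."""
import sys
from pathlib import Path

DEFAULT_LIMIT = 256  # default maximum the message reports for Struts 6


def extract_ognl(text):
    """Yield (line_no, expression) for each %{...} span, honouring nested
    braces and quoted strings inside the expression."""
    i = 0
    while (start := text.find("%{", i)) != -1:
        depth, quote, j = 1, None, start + 2
        while j < len(text) and depth:
            ch = text[j]
            if quote:
                if ch == "\\":
                    j += 1            # skip the escaped character
                elif ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
            j += 1
        if depth:                      # unterminated expression: stop scanning
            return
        yield text.count("\n", 0, start) + 1, text[start + 2:j - 1]
        i = j


def over_limit(text, limit=DEFAULT_LIMIT):
    """Return [(line_no, length)] for expressions longer than `limit`."""
    return [(ln, len(e)) for ln, e in extract_ognl(text) if len(e) > limit]


if __name__ == "__main__":
    # usage: python ognl_len.py <webapp-dir> [limit]
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_LIMIT
    for path in root.rglob("*"):
        if path.suffix in {".jsp", ".jspf", ".ftl", ".xml"} and path.is_file():
            for ln, n in over_limit(path.read_text(errors="replace"), limit):
                print(f"{path}:{ln}: OGNL expression is {n} chars (limit {limit})")
```

Expressions that Struts evaluates without %{...} delimiters are not covered by this scan and need a manual look.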


