> Disables user to override them (which puts him/herself on risk). Don't treat users as stupid, they are not.
If right now we had it hard-coded then current release would be total fail. There are valid use cases where excluded classes / packages must be allowed. > Keeps user safe even if injection mechanism failed temporary at that time. There are bigger problems at hand if injection fails, probably. :) > Puts all tests under default exclusions (so discover incompatibilities). Current tests will still not reveal this issue. Problem is in the lack of proper integration tests. Bottom line is: This is not backward compatible and cannot be released in next 2.5.x series. [ Full content available at: https://github.com/apache/struts/pull/247 ] This message was relayed via gitbox.apache.org for [email protected]
