[
https://issues.apache.org/jira/browse/JEXL-357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17492104#comment-17492104
]
Henri Biestro commented on JEXL-357:
------------------------------------
Hardened the code wrt package permissions. Thanks Dmitri.
Commit
[fed413d|https://github.com/apache/commons-jexl/commit/fed413dfa27ebb51dbeda1f173596d09c4e8d989]
> Configure accessible packages/classes/methods/fields
> -----------------------------------------------------
>
> Key: JEXL-357
> URL: https://issues.apache.org/jira/browse/JEXL-357
> Project: Commons JEXL
> Issue Type: Improvement
> Affects Versions: 3.2.1
> Reporter: Henri Biestro
> Assignee: Henri Biestro
> Priority: Major
> Fix For: 3.3
>
>
> The @NoJexl annotation allows 'hiding' functional elements from scripts; this
> feature will allow Jexl introspection to completely ignore existing
> packages/classes/methods/fields, ensuring they cannot be called.
> Acting (more or less) as a security manager, this will allow fine
> configuration of what scripts are allowed to access on a platform. Used in
> conjunction with Sandboxing, how much is exposed can be limited to explicit
> permission.