[jira] [Updated] (JEXL-457) Reduce default exposure for RESTRICTED JexlPermissions

Henri Biestro (Jira) Fri, 06 Mar 2026 04:57:35 -0800


     [ 
https://issues.apache.org/jira/browse/JEXL-457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Henri Biestro updated JEXL-457:
-------------------------------
    Summary: Reduce default exposure for RESTRICTED JexlPermissions  (was: 
RESTRICTED permissions should further reduce exposure)

> Reduce default exposure for RESTRICTED JexlPermissions
> ------------------------------------------------------
>
>                 Key: JEXL-457
>                 URL: https://issues.apache.org/jira/browse/JEXL-457
>             Project: Commons JEXL
>          Issue Type: Improvement
>    Affects Versions: 3.6.2
>            Reporter: Henri Biestro
>            Priority: Critical
>
> The current permissions in RESTRICTED are allowing too many packages for 
> newer jdks (java.lang.* sub packages in java 25 for instance).
> The permissions themselves should also ensure that a constructor is 
> explicitly allowed (even transitively).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (JEXL-457) Reduce default exposure for RESTRICTED JexlPermissions

Reply via email to