Henri Biestro created JEXL-462:
----------------------------------

             Summary: JexlPermissions.RESTRICTED must ensure a better level of 
isolation
                 Key: JEXL-462
                 URL: https://issues.apache.org/jira/browse/JEXL-462
             Project: Commons JEXL
          Issue Type: Bug
    Affects Versions: 3.6.3
            Reporter: Henri Biestro
            Assignee: Henri Biestro
             Fix For: 3.6.4


The JexlPermissions.RESTRICTED constant is supposed to offer a decent level of 
isolation between the script and its host.
It is still susceptible to allowing more than is intended, in part because its 
use of the wildcard-package specification that gives 'silent' access to classes 
that should definitely be explicit.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to