[ 
https://issues.apache.org/jira/browse/JEXL-462?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Henri Biestro resolved JEXL-462.
--------------------------------
    Resolution: Fixed

Commit 
[fe73af4d6|https://github.com/apache/commons-jexl/commit/fe73af4d65c9b4c1bbe90b4951d6d10b75eb8053]

> JexlPermissions.RESTRICTED must ensure a better level of isolation
> ------------------------------------------------------------------
>
>                 Key: JEXL-462
>                 URL: https://issues.apache.org/jira/browse/JEXL-462
>             Project: Commons JEXL
>          Issue Type: Bug
>    Affects Versions: 3.6.3
>            Reporter: Henri Biestro
>            Assignee: Henri Biestro
>            Priority: Critical
>             Fix For: 3.6.4
>
>
> The JexlPermissions.RESTRICTED constant is supposed to offer a decent level 
> of isolation between the script and its host.
> It is still susceptible to allowing more than is intended, in part because 
> its use of the wildcard-package specification that gives 'silent' access to 
> classes that should definitely be explicit.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to