[
https://issues.apache.org/jira/browse/WW-5341?focusedWorklogId=878968&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-878968
]
ASF GitHub Bot logged work on WW-5341:
--------------------------------------
Author: ASF GitHub Bot
Created on: 30/Aug/23 02:40
Start Date: 30/Aug/23 02:40
Worklog Time Spent: 10m
Work Description: kusalk opened a new pull request, #741:
URL: https://github.com/apache/struts/pull/741
WW-5341
--
In applications where there are multiple classloaders, it may be possible
for `SecurityMemberAccess` to obtain a false negative if the classloader used
to load the target object was different to the one used to load the exclusion
list.
To rectify this, we use String comparison of the class name instead. We
still use the default classloader to validate the exclusion list on application
start.
Issue Time Tracking
-------------------
Worklog Id: (was: 878968)
Remaining Estimate: 0h
Time Spent: 10m
> Ensure exclusion list applies to objects from all ClassLoaders
> --------------------------------------------------------------
>
> Key: WW-5341
> URL: https://issues.apache.org/jira/browse/WW-5341
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Kusal Kithul-Godage
> Priority: Minor
> Fix For: 6.4.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
