[jira] [Work logged] (WW-5364) Automatically populate OGNL allowlist

ASF GitHub Bot (Jira) Thu, 23 Nov 2023 02:15:13 -0800


     [ 
https://issues.apache.org/jira/browse/WW-5364?focusedWorklogId=891985&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-891985
 ]


ASF GitHub Bot logged work on WW-5364:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Nov/23 10:14
            Start Date: 23/Nov/23 10:14
    Worklog Time Spent: 10m 
      Work Description: kusalk opened a new pull request, #800:
URL: https://github.com/apache/struts/pull/800

   WW-5364
   --
   We automatically populate the allowlist from interceptors, actions and 
result types defined in XML configuration.
   This will allow most applications to turn on the OGNL allowlist with no 
additional configuration.
   We can then consider turning this security option on by default in Struts 
7.0.




Issue Time Tracking
-------------------

            Worklog Id:     (was: 891985)
    Remaining Estimate: 0h
            Time Spent: 10m

> Automatically populate OGNL allowlist
> -------------------------------------
>
>                 Key: WW-5364
>                 URL: https://issues.apache.org/jira/browse/WW-5364
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Kusal Kithul-Godage
>            Priority: Minor
>             Fix For: 6.4.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Work logged] (WW-5364) Automatically populate OGNL allowlist

Reply via email to