[
https://issues.apache.org/jira/browse/WW-5343?focusedWorklogId=892174&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-892174
]
ASF GitHub Bot logged work on WW-5343:
--------------------------------------
Author: ASF GitHub Bot
Created on: 26/Nov/23 08:36
Start Date: 26/Nov/23 08:36
Worklog Time Spent: 10m
Work Description: kusalk commented on code in PR #791:
URL: https://github.com/apache/struts/pull/791#discussion_r1405354461
##########
core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java:
##########
@@ -385,6 +386,7 @@ protected Container
createBootstrapContainer(List<ContainerProvider> providers)
builder.factory(ExpressionCacheFactory.class,
DefaultOgnlExpressionCacheFactory.class, Scope.SINGLETON);
builder.factory(BeanInfoCacheFactory.class,
DefaultOgnlBeanInfoCacheFactory.class, Scope.SINGLETON);
builder.factory(OgnlUtil.class, Scope.SINGLETON);
+ builder.factory(SecurityMemberAccess.class, Scope.PROTOTYPE);
Review Comment:
True, I also don't think there's anything useful an attacker can do with a
fresh `SecurityMemberAccess` instance
Issue Time Tracking
-------------------
Worklog Id: (was: 892174)
Time Spent: 1h 40m (was: 1.5h)
> Make SecurityMemberAccess extensible and a prototype bean
> ---------------------------------------------------------
>
> Key: WW-5343
> URL: https://issues.apache.org/jira/browse/WW-5343
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Reporter: Kusal Kithul-Godage
> Priority: Minor
> Fix For: 6.4.0
>
> Time Spent: 1h 40m
> Remaining Estimate: 0h
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
