[jira] [Work logged] (WW-5536) Bump ognl:ognl from 3.3.5 to 3.4.8

Tue, 23 Dec 2025 02:22:05 -0800 


     [ 
https://issues.apache.org/jira/browse/WW-5536?focusedWorklogId=997494&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-997494
 ]

ASF GitHub Bot logged work on WW-5536:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Dec/25 10:21
            Start Date: 23/Dec/25 10:21
    Worklog Time Spent: 10m 
      Work Description: github-advanced-security[bot] commented on code in PR 
#1405:
URL: https://github.com/apache/struts/pull/1405#discussion_r2642696925


##########
core/src/main/java/org/apache/struts2/ognl/OgnlUtil.java:
##########
@@ -413,15 +435,15 @@
         for (TreeValidator validator : treeValidators) {
             validator.validate(tree, checkContext);
         }
-        Ognl.setValue(tree, context, root, value);
+        Ognl.setValue(tree, ensureStrutsContext(context), root, value);
     }
 
     private <T> T ognlGet(String expr, Map<String, Object> context, Object 
root, Class<T> resultType, Map<String, Object> checkContext, TreeValidator... 
treeValidators) throws OgnlException {
         Object tree = toTree(expr);
         for (TreeValidator validator : treeValidators) {
             validator.validate(tree, checkContext);
         }
-        return (T) Ognl.getValue(tree, context, root, resultType);
+        return (T) Ognl.getValue(tree, ensureStrutsContext(context), root, 
resultType);

Review Comment:
   ## OGNL Expression Language statement with user-controlled input
   
   OGNL Expression Language statement depends on a [user-provided value](1).
   OGNL Expression Language statement depends on a [user-provided value](2).
   
   [Show more 
details](https://github.com/apache/struts/security/code-scanning/1175)





Issue Time Tracking
-------------------

    Worklog Id:     (was: 997494)
    Time Spent: 2.5h  (was: 2h 20m)

> Bump ognl:ognl from 3.3.5 to 3.4.8
> ----------------------------------
>
>                 Key: WW-5536
>                 URL: https://issues.apache.org/jira/browse/WW-5536
>             Project: Struts 2
>          Issue Type: Dependency
>          Components: Core
>    Affects Versions: 6.7.0, 7.0.0
>            Reporter: Lukasz Lenart
>            Assignee: Lukasz Lenart
>            Priority: Major
>             Fix For: 7.2.0
>
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to