kusalk commented on code in PR #234: URL: https://github.com/apache/struts-site/pull/234#discussion_r1562373763
########## source/security/index.md: ########## @@ -433,10 +433,16 @@ with other known dangerous classes or packages in your application. We additionally recommend enabling the following options (enabled by default in 7.0). - * `struts.ognl.allowStaticFieldAccess=false` - static methods are always blocked, but static fields can also optionally be blocked - * `struts.disallowProxyMemberAccess=true` - disallow proxied objects from being used in OGNL expressions as they may present a security risk Review Comment: I think it's best we push developers to use `struts.disallowProxyObjectAccess` rather than `struts.disallowProxyMemberAccess`
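Review bot: the two option entries listed under "(enabled by default in 7.0)" do not say which releases accept each setting, so a reader on an earlier version cannot tell from this list whether `struts.ognl.allowStaticFieldAccess` or `struts.disallowProxyMemberAccess` can be set there; suggest stating the minimum version next to each entry. The `struts.disallowProxyMemberAccess=true` entry also describes blocking "proxied objects" while the option name refers to member access, so the description should say exactly what is rejected when the option is on.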
