Re: JEXL Security

2022-10-26 Thread Henri Biestro
Fair points, thank you. They seem to lead into the point of view that JEXL (or any scripting solution?) should not expose any feature that could be considered security-related avoiding the CVE potential turmoils altogether. Trusted sanitised input is expected and required so this is a moot

Re: [VOTE] Release Apache Commons Compress 1.22 based on RC1

2022-10-26 Thread Gary Gregory
+1 ASC and SHA512 files OK Built from src zip with default Maven goal using: Darwin 21.6.0 Darwin Kernel Version 21.6.0: Mon Aug 22 20:17:10 PDT 2022; root:xnu-8020.140.49~2/RELEASE_X86_64 x86_64 Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63) Maven home:

Re: [VOTE] Release Apache Commons BCEL 6.6.1 based on RC1

2022-10-26 Thread Gary D. Gregory
Ping ;-) On 2022/10/23 14:58:05 Gary Gregory wrote: > We have fixed one bug since Apache Commons BCEL 6.6.0 was released, so > I would like to release Apache Commons BCEL 6.6.1. This will help > SpotBugs migrate from 6.5.0. > > Apache Commons BCEL 6.6.1 RC1 is available for review here: >

RE: [VOTE] Release Apache Commons BCEL 6.6.1 based on RC1

2022-10-26 Thread Mark Roberts
I think a camelCase edit was missed in classfile/FieldOrMethod.java. The method 'copy_' has constantPool in the arg list and constant_pool in the body. constant_pool is a class field and I don’t think the intention of copy_ is to reuse the existing ConstantPool. Mark -Original Message-

(RestJiraDownloader) Re: [VOTE] Release Apache Commons BCEL 6.6.1 based on RC1

2022-10-26 Thread Eric Bresie
Looking on the plug-in side (1) if this hasn’t changed any and I’m reading it correctly, seems like the json Node in use has no displayName or name attributes present. Reference (1)

Re: JEXL Security

2022-10-26 Thread Mark Thomas
On 26/10/2022 08:58, Henri Biestro wrote: Fair points, thank you. They seem to lead into the point of view that JEXL (or any scripting solution?) should not expose any feature that could be considered security-related avoiding the CVE potential turmoils altogether. Trusted sanitised input is

Re: [VOTE] Release Apache Commons BCEL 6.6.1 based on RC1

2022-10-26 Thread Alex Herbert
Validated signatures on the binary and src distributions. Built from src.zip using: maven install site -P jacoco -P japicmp Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63) Maven home: /usr/local/apache-maven-3 Java version: 11.0.16, vendor: Ubuntu, runtime: