Thanks Daniel,
Especially, about the link you provided. I'll double check that!
Jacques
Le 17/05/2020 à 11:08, Daniel Dekany a écrit :
It's not backward compatible to change it, but if it would be really useful
to use SAFER_RESOLVER, then we should do it with incompatible_improvements
anyway
It's not backward compatible to change it, but if it would be really useful
to use SAFER_RESOLVER, then we should do it with incompatible_improvements
anyway (and actually it's scheduled to be done with
incompatible_improvements 2.4). However, it's not too useful as far as I
see. If you trust
I think it will break almost everything because most of our FTL is executing
code anyways. You can try it yourself to see if it works.
On Sunday, May 17, 2020 09:41 +03, Jacques Le Roux
wrote:
Hi,
After reading https://ackcent.com/blog/in-depth-freemarker-template-injection/
I wonder why
Hi,
After reading https://ackcent.com/blog/in-depth-freemarker-template-injection/ I wonder why we have not TemplateClassResolver.SAFER_RESOLVER[1] used
by default, like there is:
The api_builtin_enabled configuration setting must be set to true. Its default is false (at least as of