Ah just saw this - I've already created a fix PR, took me a little
longer than expected as it turns out there were a few more broken
Showcase Actions which I've also fixed.
https://github.com/apache/struts/pull/986
On Sat, Jul 13, 2024 at 7:23 PM Lukasz Lenart wrote:
>
> On Sat, 13 Jul 2024 at 10:23
On Sat, 13 Jul 2024 at 10:23, Kusal Kithul-Godage wrote:
> That's correct, it's only enabled by default from 7.0, but I enabled
> it manually for the Showcase App so we can ensure its functionality
> and catch regressions. It seems in this case, we have an Action that
> utilises the Convention pl
That's correct, it's only enabled by default from 7.0, but I enabled
it manually for the Showcase App so we can ensure its functionality
and catch regressions. It seems in this case, we have an Action that
utilises the Convention plugin but isn't actually covered by any
tests.
On Sat, Jul 13, 2024
On Sat, 13 Jul 2024 at 08:05, Kusal Kithul-Godage wrote:
>
> Let me take a look, I think I overlooked testing the OGNL allowlist
> with the Convention plugin - created WW-5440 to track.
BTW. I thought the stronger security settings have been enabled since
Struts 7, did I miss something?
Regards
Let me take a look, I think I overlooked testing the OGNL allowlist
with the Convention plugin - created WW-5440 to track.
On Sat, Jul 13, 2024 at 3:04 PM Lukasz Lenart wrote:
>
> Hi,
>
> I'm playing a bit with our Showcase App and noticed a few issues
> related to the latest security changes. He
Hi,
I'm playing a bit with our Showcase App and noticed a few issues
related to the latest security changes. Here is an example method
annotated as follows:
@Action(value = "bean-validation", results = {
@Result(name = "success", location = "bean-validation.jsp")
})
@SkipValidation
public Stri