2017-03-12 18:48 GMT+01:00 Yasser Zamani :
>> This is strange, this can only happen if you used OGNL 3.1.14 or
>> 3.0.20 [1] but this wasn't part of Struts 2.3.32
> Don't worry Lukasz , it was not about #context accessibility; OGNL
> successfully compiles and goes forward until
> `javax.servlet.htt
On 3/12/2017 8:21 PM, Lukasz Lenart wrote:
> 2017-03-12 15:57 GMT+01:00 Yasser Zamani :
>> Hi Anurag,
>>
>> I hope it's not too late but I have some comments.
>>
>> Today we updated to Struts2.3.32 to fix security issue S2-045.
>>
>> After that, similar to your problem, we lost following OGNL eva
2017-03-12 15:57 GMT+01:00 Yasser Zamani :
> Hi Anurag,
>
> I hope it's not too late but I have some comments.
>
> Today we updated to Struts2.3.32 to fix security issue S2-045.
>
> After that, similar to your problem, we lost following OGNL evaluation
> to null in our JSPs :(
>
> "%{#context['com.
Remote Code Execution
> (Metasploit). CVE-2014-0094,CVE-2014-0112,CVE-2014-0113. Remote exploit
> for Multiple platform
>
>
>
>
> ------------
> *From:* Anurag kumar
> *Sent:* Tuesday, January 31, 2017 6:53 PM
> *To:* dev@struts.apache.org
> *
, January 31, 2017 6:53 PM
To: dev@struts.apache.org
Subject: Struts 2.3.31 is excluding generic object.
Hi,
My Action class returns generic object and It was working fine with struts
2.3.16 but after upgrading with struts 2.3.31. It is excluding generic object.
I found constant in struts-defaul
Hi,
My Action class returns generic object and It was working fine with struts
2.3.16 but after upgrading with struts 2.3.31. It is excluding generic object.
I found constant in struts-default.xml
while searching. Here java.lang.Object is excluded. My concern is if I am
overriding this constan
