But I guess it's always good to give first preference to the Struts2 core security
check (i.e. the acceptableName check first) as long as Struts2 OGNL is vulnerable.
Users of the Struts2 framework should not bypass these default checks by mistake
by excluding it in acceptableParams.
So I hope the following code w
On 05.09.13 07:33, Lukasz Lenart wrote:
> 2013/9/4 Christian Grobmeier :
>> I have removed the "module" section in $root/src/site and now they
>> should not be linked.
>> I am a bit concerned with removing all src/site. I did that locally, but
>> the sites are still generated with default setting
2013/9/5 Christian Grobmeier :
>> I had a reason to add all those src/site's ;-)
> Is the reason still valid?
I cannot recall what it was ;-) So maybe it isn't valid anymore ;-)
> I have no problem keeping them, as I found out how to remove it from the
> links section.
> Otherwise they do not see
Hi folks,
there is a new proposal at the incubator:
http://wiki.apache.org/incubator/CastafioreProposal
I asked the creator Kureem if Struts apps could benefit from it and he
said "yes". He even tried it out writing some kind of example. As I
understood it, it would be possible to make "javascri
2013/9/5 Christian Grobmeier :
> On 05.09.13 20:43, Lukasz Lenart wrote:
>> Guys,
>>
>> are you serious? are you blaming OGNL? the hammer? 100% of
>> vulnerabilities related to OGNL were our - developers - fault. We did use
>> (and still do) the hammer in an inappropriate way. Changing the hammer is not
>>
On 05.09.13 20:43, Lukasz Lenart wrote:
> Guys,
>
> are you serious? are you blaming OGNL? the hammer? 100% of
> vulnerabilities related to OGNL were our - developers - fault. We did use
> (and still do) the hammer in an inappropriate way. Changing the hammer is not
> the solution!
The hammer is stuck at A
I support EL3 over OGNL, but I realize this will be an uphill battle. I've
used Struts2/Webwork with EL for years and I can continue to do that on my
own.
On Thu, Sep 5, 2013 at 3:22 PM, Lukasz Lenart wrote:
> 2013/9/5 Christian Grobmeier :
> > On 05.09.13 20:43, Lukasz Lenart wrote:
> >> Guys
Guys,
are you serious? are you blaming OGNL? the hammer? 100% of
vulnerabilities related to OGNL were our - developers - fault. We did use
(and still do) the hammer in an inappropriate way. Changing the hammer is not
the solution!
Things related to ${} or %{} should be clarified - %{} is called an
alternat
I'm not saying that users can't have other options - and having
support for a few ELs is a nice idea and bad as well - more to support
;-)
Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
2013/9/5 Steven Benitez :
> I support EL3 over OGNL, but I realize this will be an uphill battl