Hello
I am running 2.5.21 in production in several projects. Everything is
running fine and smooth. No issues so far.
Markus
On 18.11.19 at 02:30, J C wrote:
> Hello.
>
> Did some testing of the showcase and rest-showcase applications in the 2.5.21
> test build (and a very quick test of the 2.
Hello.
Did some testing of the showcase and rest-showcase applications in the 2.5.21
test build (and a very quick test of the 2.5.22 test build as well). Things
seemed to work properly in both cases with no obvious errors seen in the
console or via browser navigation. The tests also included
> Regards.
>
>> -Original Message-
>> From: J C
>> Sent: Saturday, November 9, 2019 8:13 AM
>> To: Struts Developers List
>> Subject: Re: Struts 2.5.21 test build is ready
>>
>> Hello Markus (and Struts Developers List).
>>
>>
9, 2019 8:13 AM
>To: Struts Developers List
>Subject: Re: Struts 2.5.21 test build is ready
>
> Hello Markus (and Struts Developers List).
>
>Thanks for confirming that changing the expressionMaxLength value to 1024 did
>actually suppress the exception behaviour and warning out
Hello Markus (and Struts Developers List).
Thanks for confirming that changing the expressionMaxLength value to 1024 did
actually suppress the exception behaviour and warning output you originally
received with the test build of 2.5.21. That suggestion was more to confirm
that changing the value
Hi Yasser
thanks for reconsidering and your detailed answers. I appreciate your
detailed feedback very much. And thanks for specifying that there _is_
an option to disable the restrictions by using:
I suspect it will never be possible with such an approach to find a
general correct balance betw
Hi Markus,
Sorry for inconvenience - yes that was my genius idea ;) ensued from my
vision on our security reports and in the first place, it didn't look
bad to me because I'd seen similar practices in variety of places for
example in http, tomcat, nginx and etc.
However, I also shared and disc
Or maybe even use some very large number and reduce it to 256 in
Struts 2.6 :thinking:
Fri, 8 Nov 2019 at 08:02, Lukasz Lenart wrote:
>
> Fri, 8 Nov 2019 at 02:02, J C wrote:
> > If you have expressions in your application longer than the default limit
> > in 2.5.21 (200), that may be cau
Fri, 8 Nov 2019 at 00:06, Dave wrote:
> I just did a build of Apache Roller 6 (not yet released) using Struts
> 2.5.21 test bits (pulled from the staging repo) and so far, things seem to
> be working fine. Roller 6 requires Java 11 and with Struts 2.5.20 I was
> getting an irritating ERROR abou
Thu, 7 Nov 2019 at 23:12, i...@flyingfischer.ch
wrote:
>
> See new errors like this:
>
> Caused by: java.lang.SecurityException: This expression exceeded maximum
> allowed length:..
>
> followed by a longer OGNL expression in JSP.
Thanks a lot Markus, this is due to a new max expression lengt
Fri, 8 Nov 2019 at 02:02, J C wrote:
> If you have expressions in your application longer than the default limit in
> 2.5.21 (200), that may be causing the exception (and hopefully also the WARN
> output).
>
> Please try applying a configuration change for your application (replace 1024
> wi
Hello JC
thanks for replying. There are several flaws with the idea to limit the
length of an OGNL expression string due to security reasons:
First: the parsing of the expression will be BLOCKED, as intended, and
an exception is being thrown:
ognl.OgnlException: Parsing blocked due to security re
Sorry - there is a typo I missed in copy/paste. That should have been:
(if using struts.xml) -
James.
On Thursday, November 7, 2019, 8:02:13 p.m. EST, J C wrote:
(Sorry about the separate thread for reply)
Hello Markus.
If you have expressions in your application longer than the d
(Sorry about the separate thread for reply)
Hello Markus.
If you have expressions in your application longer than the default limit in
2.5.21 (200), that may be causing the exception (and hopefully also the WARN
output).
Please try applying a configuration change for your application (replace
I just did a build of Apache Roller 6 (not yet released) using Struts
2.5.21 test bits (pulled from the staging repo) and so far, things seem to
be working fine. Roller 6 requires Java 11 and with Struts 2.5.20 I was
getting an irritating ERROR about "requires ASM7" but everything seemed to
work fi
It is reported in WARN level:
WARN com.opensymphony.xwork2.ognl.OgnlValueStack - Could not evaluate
this expression due to security constraints:
Markus
On 07.11.19 at 23:12, i...@flyingfischer.ch wrote:
> See new errors like this:
>
> Caused by: java.lang.SecurityException: This expression exce
See new errors like this:
Caused by: java.lang.SecurityException: This expression exceeded maximum
allowed length:..
followed by a longer OGNL expression in JSP.
Markus
On 07.11.19 at 20:57, Lukasz Lenart wrote:
> Hi,
>
> Please take a time and test the bits - any help is appreciated. Please
>