Re: Problems with commons-beanutils-1.9.4

2020-03-08 Thread Claude Brisson
On 20-02-07 17 h 44, Nathan Bubna wrote: As for setClass(Class cls), couldn't we just change it to: public void setClass(String classname) { setClassname(classname); } Seems like that would keep the class="org.com.Foo" config syntax working and avoid the security issue, right? Nah,

Re: Problems with commons-beanutils-1.9.4

2020-02-07 Thread Nathan Bubna
Or maybe even just put a 3.x compatible version of the Struts tools up on github as an independent fork. Probably easier than talking the Struts devs into it. On Thu, Feb 6, 2020 at 11:10 PM Claude Brisson wrote: > On 20-02-06 16 h 15, Christopher Schultz wrote: > > > 3.0 completely dropped

Re: Problems with commons-beanutils-1.9.4

2020-02-07 Thread Nathan Bubna
Yeah, moving to jetty-maven-plugin would be good. I use that heavily at work. As for setClass(Class cls), couldn't we just change it to: public void setClass(String classname) { setClassname(classname); } Seems like that would keep the class="org.com.Foo" config syntax working and avoid the

Re: Problems with commons-beanutils-1.9.4

2020-02-06 Thread Claude Brisson
On 20-02-06 16 h 15, Christopher Schultz wrote: 3.0 completely dropped support for Struts, which is a requirement for me, so I don't have any current stake in velocity-tools 3.0. I'm happy to do the work (delete 4 lines of code; document; commit) but I won't have anything to test it with other

Re: Problems with commons-beanutils-1.9.4

2020-02-06 Thread Claude Brisson
Hi. I suspect the class= problem only happens when running under a security manager. I had set up the cargo maven plugin to run the showcase example under a security manager, but it was failing under window so for now it's commented in the showcase pom file. There are several other problems

Re: Problems with commons-beanutils-1.9.4

2020-02-06 Thread Nathan Bubna
I should have noticed i was responding on the user thread. Sorry. Taking this just to dev, since users probably won't need to hear my response. If you're willing to commit the change for 3.0, even though you don't use it, that'd be great. I think you are right that just yanking the code and

Re: Problems with commons-beanutils-1.9.4

2020-02-06 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Nathan, (Apologies for the cross-post, but this is a very dev-y response. After this message in the thread, I will reply only on the dev@ list). On 2/5/20 1:09 PM, Nathan Bubna wrote: > Thanks for drilling into that, Chris! I was reading, but have