k4n5ha0 commented on PR #545:
URL: https://github.com/apache/struts/pull/545#issuecomment-1115910565
> This kind of attack can be simple prevented by setting up
[struts.ognl.expressionMaxLength](https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions)
and your
k4n5ha0 commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863610769
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
return t
[
https://issues.apache.org/jira/browse/WW-5179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-5179:
--
Fix Version/s: 2.6
> struts.ognl.expressionMaxLength default set 400
> ---
[
https://issues.apache.org/jira/browse/WW-5179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Lukasz Lenart updated WW-5179:
--
Affects Version/s: (was: 2.6)
> struts.ognl.expressionMaxLength default set 400
>
[
https://issues.apache.org/jira/browse/WW-5180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531117#comment-17531117
]
Lukasz Lenart commented on WW-5180:
---
Just for future, if you discovered a security vulnera
lukaszlenart commented on PR #545:
URL: https://github.com/apache/struts/pull/545#issuecomment-1115892354
This kind of attack can be simple prevented by setting up
[struts.ognl.expressionMaxLength](https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions)
and y
lukaszlenart commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863597663
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
ret
lukaszlenart commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863586541
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
ret
k4n5ha0 commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863581227
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
return t
lukaszlenart commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863578444
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
ret
k4n5ha0 commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863576527
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
return t
lukaszlenart commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863575099
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
ret
k4n5ha0 commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863573821
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
return t
lukaszlenart commented on code in PR #546:
URL: https://github.com/apache/struts/pull/546#discussion_r863569592
##
core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java:
##
@@ -168,8 +170,20 @@ protected boolean isClassExcluded(Class clazz) {
ret
14 matches
Mail list logo
