[jira] [Commented] (WW-4348) Remove access to static methods

2019-02-01 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16758069#comment-16758069 ] Lukasz Lenart commented on WW-4348: --- I meant, you cannot use {{#application}} in a http re

[jira] [Commented] (WW-4348) Remove access to static methods

2019-01-24 Thread Markus Wulftange (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16751496#comment-16751496 ] Markus Wulftange commented on WW-4348: -- What do you mean by it gets blocked from outsid

[jira] [Commented] (WW-4348) Remove access to static methods

2019-01-22 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16748526#comment-16748526 ] Lukasz Lenart commented on WW-4348: --- Yeah, but we block access to {{#application}} from ou

[jira] [Commented] (WW-4348) Remove access to static methods

2019-01-19 Thread Markus Wulftange (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16747199#comment-16747199 ] Markus Wulftange commented on WW-4348: -- HiĀ [~lukaszlenart], _freemarker.Configuration_

[jira] [Commented] (WW-4348) Remove access to static methods

2019-01-17 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16744994#comment-16744994 ] Lukasz Lenart commented on WW-4348: --- [~mwulftange] could you check with the latest 2.5.20

[jira] [Commented] (WW-4348) Remove access to static methods

2017-01-10 Thread Markus Wulftange (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816378#comment-15816378 ] Markus Wulftange commented on WW-4348: -- Here is also a _ClassLoader_ bypass: {noformat}

[jira] [Commented] (WW-4348) Remove access to static methods

2017-01-10 Thread Markus Wulftange (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816136#comment-15816136 ] Markus Wulftange commented on WW-4348: -- Well, it works with the latest 2.5.8. > Remove

[jira] [Commented] (WW-4348) Remove access to static methods

2017-01-10 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15815957#comment-15815957 ] Lukasz Lenart commented on WW-4348: --- [~mwulftange] but this doesn't work since Struts 2.3.2

[jira] [Commented] (WW-4348) Remove access to static methods

2017-01-08 Thread Markus Wulftange (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15809959#comment-15809959 ] Markus Wulftange commented on WW-4348: -- No, this can be specified where ever OGNL expres

[jira] [Commented] (WW-4348) Remove access to static methods

2017-01-08 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15809899#comment-15809899 ] Lukasz Lenart commented on WW-4348: --- [~mwulftange] but as far I understand this must be def

[jira] [Commented] (WW-4348) Remove access to static methods

2017-01-05 Thread Markus Wulftange (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15801069#comment-15801069 ] Markus Wulftange commented on WW-4348: -- Disallowing static methods isn't sufficient. Wit

[jira] [Commented] (WW-4348) Remove access to static methods

2016-12-01 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711283#comment-15711283 ] Lukasz Lenart commented on WW-4348: --- It's here to remind us about pass vulnerabilities arou

[jira] [Commented] (WW-4348) Remove access to static methods

2016-12-01 Thread Michael Krause (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15711251#comment-15711251 ] Michael Krause commented on WW-4348: Oh good, that is very reassuring. Maybe you can set

[jira] [Commented] (WW-4348) Remove access to static methods

2016-11-30 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15709166#comment-15709166 ] Lukasz Lenart commented on WW-4348: --- Yeah.. we know that, that's why it hangs here ;-) > R

[jira] [Commented] (WW-4348) Remove access to static methods

2016-11-30 Thread Michael Krause (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15709039#comment-15709039 ] Michael Krause commented on WW-4348: Please do not 'fix' this 'bug'. Access to static met

[jira] [Commented] (WW-4348) Remove access to static methods

2016-01-10 Thread victorsosa (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091053#comment-15091053 ] victorsosa commented on WW-4348: OK so it need to be false > Remove access to static methods

[jira] [Commented] (WW-4348) Remove access to static methods

2016-01-10 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091051#comment-15091051 ] Lukasz Lenart commented on WW-4348: --- Nope, by defining {code:xml} {code} you'll enable ac

[jira] [Commented] (WW-4348) Remove access to static methods

2016-01-10 Thread victorsosa (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091046#comment-15091046 ] victorsosa commented on WW-4348: So can I just add Into the config file so it start runni

[jira] [Commented] (WW-4348) Remove access to static methods

2016-01-10 Thread Lukasz Lenart (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091045#comment-15091045 ] Lukasz Lenart commented on WW-4348: --- Yes, the idea is to drop such functionality because it

[jira] [Commented] (WW-4348) Remove access to static methods

2016-01-10 Thread victorsosa (JIRA)
[ https://issues.apache.org/jira/browse/WW-4348?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15091016#comment-15091016 ] victorsosa commented on WW-4348: This is already implemented, please check com.opensymphony.