On Jul 31, 2013, at 9:25 AM, Dave Newton <[email protected]> wrote: > I'm not convinced OGNL itself is the issue, but > rather its unfettered access into internals. An intermediate, sandbox-y > layer might resolve that.
It's only partially what data ognl can fetch/modify, it's also what it can do. System.exit() is clearly something undesirable to execute unexpectedly (although probably less harmful than other actions). -Dale --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
