Raised this in Stackoverflow and got to know the recent security changes for OGNL
https://struts.apache.org/security/#apply-a-maximum-allowed-length-on-ognl-expressions I will work on getting this expression into a variable. ~K -----Original Message----- From: Krishnaraj Viswanathan Sent: 12 July 2022 18:08 To: user@struts.apache.org Subject: [External] : Struts 6.0.0 Upgrade issue: Security Exception for s:select list attribute that is quite long Hi, We upgrade our dev environment from Struts 2.5.30 to Struts 6.0.0 and we found that our "s:select" tag with a "list" attribute of time intervals (list="#{'12:00':'12:00 PM', '12:30':'12:30 PM', '13:00':'1:00 PM',... covering the whole day) is now throwing a security Exception as below ognl.OgnlException: Parsing blocked due to security reasons! Caused by: java.lang.SecurityException: This expression exceeded maximum allowed length: #{'12:00':'12:00 PM', '12:30':'12:30 PM', '13:00':'1:00 PM','13:30':'1:30 PM', Is it possible to relax this validation temporarily for my specific tag or would it be easier if I look for alternatives in implementing this for Struts 6.0.0. ~Krishnaraj V --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
