Hi everybody,

First, thank you very much to all committers for the new version of Struts 7.0.0:
it is a great improvement for many apps in my firm.

I think there may be a bug inside SecurityMemberAccess: it appears when
an OGNL expression such as `(new com.mycompany.MyClass()).method()` is evaluated.
While processing security checks before the OGNL runtime calls the constructor,
the program executes the method
`org.apache.struts2.ognl.SecurityMemberAccess#isAccessible`.
Inside this method, we pass through "the case where target is a class object".
At the end of this block, `target` becomes null (line 153). So the next
test (`org.apache.struts2.ognl.SecurityMemberAccess#checkProxyObjectAccess`,
line 160) is executed with target as null. But as `checkProxyObjectAccess` calls
`ProxyUtil.isProxy(target)` with target as null, it raises a
NullPointerException.

Maybe an OGNL expression such as `(new com.mycompany.MyClass()).method()` is not
good practice, but would it be possible to fix this NullPointerException?
I suggested that `checkProxyObjectAccess` should return true if it is called
with a null value.

Best regards

Fabrice
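
The control flow described in the message above, as an added example that is not part of the original message and not the Struts source: a simplified Java model in which `isProxy`, `checkProxyUnguarded`, `checkProxyGuarded` and the class-level check are hypothetical stand-ins, and `StringBuilder` stands in for `com.mycompany.MyClass`.

```java
import java.lang.reflect.Constructor;
import java.lang.reflect.Member;
import java.lang.reflect.Proxy;

// Simplified model of the reported control flow; not the Struts source.
public class NullTargetProxyCheck {

    // Hypothetical stand-in for a proxy test that dereferences its argument.
    static boolean isProxy(Object target) {
        return Proxy.isProxyClass(target.getClass()); // throws NPE when target is null
    }

    // As reported: called with whatever value target holds at that point.
    static boolean checkProxyUnguarded(Object target) {
        return !isProxy(target);
    }

    // Suggested behaviour: no instance means nothing can be a proxy, so allow.
    static boolean checkProxyGuarded(Object target) {
        return target == null || !isProxy(target);
    }

    static boolean isAccessible(Object target, Member member, boolean guarded) {
        if (target instanceof Class) {
            // Constructor or static access: class-level checks run here
            // (hypothetical check) and deny before the proxy test is reached.
            if (!member.getDeclaringClass().equals(target)) {
                return false;
            }
            target = null; // no instance from this point on
        }
        return guarded ? checkProxyGuarded(target) : checkProxyUnguarded(target);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: StringBuilder stands in for com.mycompany.MyClass.
        Constructor<StringBuilder> ctor = StringBuilder.class.getConstructor();
        System.out.println("guarded: " + isAccessible(StringBuilder.class, ctor, true));
        try {
            isAccessible(StringBuilder.class, ctor, false);
        } catch (NullPointerException e) {
            System.out.println("unguarded: NullPointerException");
        }
    }
}
```

In this model the guard skips only the proxy test; the class-level check still runs before `target` is cleared, so a null target does not bypass it.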
