You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Kusal Kithul-Godage (Jira)" <ji...@apache.org> on 2023/06/21 07:04:00 UTC
[jira] [Closed] (WW-5313) Struts default class exclusion list is not compatible with JRE21
[ https://issues.apache.org/jira/browse/WW-5313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kusal Kithul-Godage closed WW-5313.
-----------------------------------
Fix Version/s: (was: 6.2.0)
Resolution: Invalid
Incorrectly filed - `java.lang.Compiler` is not included in `struts-excluded-classes.xml`
> Struts default class exclusion list is not compatible with JRE21
> ----------------------------------------------------------------
>
> Key: WW-5313
> URL: https://issues.apache.org/jira/browse/WW-5313
> Project: Struts 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 6.1.2
> Reporter: Kusal Kithul-Godage
> Priority: Minor
>
> Following [JDK-8205129|https://bugs.openjdk.org/browse/JDK-8205129], `java.lang.Compiler` no longer exists and causes a Struts application using the default class exclusion list to fail to start.
> Whilst that class can be removed from the exclusion list, the application will then be less secure when run on JREs older than 21.
> Perhaps we can keep, but silently ignore the `java.lang.Compiler` exclusion when the detected JRE version is 21 or greater.
> This will allow a Struts application to be run on any JRE without having to change the exclusion list depending on the JRE on which it is intended to run.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)