You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2017/03/09 14:35:37 UTC

[jira] [Commented] (WW-4752) getters of exclude-sets in OgnlUtil should return immutable collections

    [ https://issues.apache.org/jira/browse/WW-4752?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15903125#comment-15903125 ] 

Lukasz Lenart commented on WW-4752:
-----------------------------------

Yes, this will be implemented. The fix related to S2-045 was as simpler as possible to avoid side effects.

> getters of exclude-sets in OgnlUtil should return immutable collections
> -----------------------------------------------------------------------
>
>                 Key: WW-4752
>                 URL: https://issues.apache.org/jira/browse/WW-4752
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.5.10
>            Reporter: Michael Hintenaus
>            Priority: Critical
>              Labels: security
>             Fix For: 2.5.next
>
>
> due to [https://cwiki.apache.org/confluence/display/WW/S2-045] something like getExcludedPackageNames().clear() should not be possible



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)