You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@struts.apache.org by "Kevin Su (JIRA)" <ji...@apache.org> on 2013/06/18 23:12:23 UTC

[jira] [Created] (WW-4113) Bug in Ognl 3.0.5 / 3.0.6

Kevin Su created WW-4113:
----------------------------

             Summary: Bug in Ognl 3.0.5 / 3.0.6
                 Key: WW-4113
                 URL: https://issues.apache.org/jira/browse/WW-4113
             Project: Struts 2
          Issue Type: Bug
          Components: Expression Language
    Affects Versions: 2.3.15, 2.3.14.3, 2.3.14.2, 2.3.14.1, 2.3.14, 2.3.12, 2.3.8, 2.3.7, 2.3.4.1, 2.3.4
            Reporter: Kevin Su


Struts since 2.3.4 (maybe earlier as well) has dependency on ognl.OgnlRuntime 3.0.5 / 3.0.6.  OgnlRuntime 3.0.5/3.0.6 has a bug in the cache implementation to look up the getter and setter methods.  The hashCode of the action class (in combination to the hashCode for the name of the property) is used as a unique key into the cache of getter and setters.  

Since hashCode can not be relied on to be unique, setting the property on the target action class may fail because the wrong method from another action is returned.

The latest implemenation of OgnlRuntime in Apache commons has the proper implementation. 

We are currently using our own patched version of 3.0.6 to work around the issue.  However, we'll like to see this resolved so we don't need to maintain our own private version of Ognl.  

Is there a plan to migrate the dependency to the Apache commons distribution of Ognl? If not, we'll be happy to share our fix.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira