Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
None
-
Severity 2 - Major
-
Description
Various hardening changes have been applied to OGNL. In specific, there seems to be a number of changes that relate to https://struts.apache.org/docs/s2-034.html being fixed in OGNL versions >= 3.0.12.
We suspect that changes including https://issues.apache.org/jira/browse/OGNL-252, https://github.com/jkuhnert/ognl/pull/9 and https://github.com/jkuhnert/ognl/commit/1da0a238cd90ab1affda30620dcc388a030db1e7 may be related to https://struts.apache.org/docs/s2-034.htm.