This is an automated email from the ASF dual-hosted git repository.
kusal pushed a commit to branch WW-5358-excl-list
in repository https://gitbox.apache.org/repos/asf/struts.git
commit c2aec9c0761df0140d8ce9328d8d7bb2aa4b309a
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Wed Oct 25 15:44:07 2023 +1100
WW-5358 Expand exclusion lists
---
.../src/main/resources/struts-excluded-classes.xml | 103 +++++++++++++--------
1 file changed, 65 insertions(+), 38 deletions(-)
diff --git a/core/src/main/resources/struts-excluded-classes.xml
b/core/src/main/resources/struts-excluded-classes.xml
index 226f064bb..0d95f9c2c 100644
--- a/core/src/main/resources/struts-excluded-classes.xml
+++ b/core/src/main/resources/struts-excluded-classes.xml
@@ -28,27 +28,40 @@
<constant name="struts.excludedClasses"
value="
- java.lang.Object,
- java.lang.Runtime,
- java.lang.System,
+ com.opensymphony.xwork2.ActionContext,
java.lang.Class,
java.lang.ClassLoader,
- java.lang.Shutdown,
+ java.lang.InheritableThreadLocal,
+ java.lang.Object,
+ java.lang.Package,
+ java.lang.Process,
java.lang.ProcessBuilder,
+ java.lang.Runtime,
+ java.lang.RuntimePermission,
+ java.lang.SecurityManager,
+ java.lang.Shutdown,
+ java.lang.System,
java.lang.Thread,
- sun.misc.Unsafe,
- com.opensymphony.xwork2.ActionContext"/>
+ java.lang.ThreadGroup,
+ java.lang.ThreadLocal"/>
<constant name="struts.devMode.excludedClasses"
value="
- java.lang.Object,
- java.lang.Runtime,
- java.lang.System,
java.lang.Class,
java.lang.ClassLoader,
- java.lang.Shutdown,
+ java.lang.InheritableThreadLocal,
+ java.lang.Object,
+ java.lang.Package,
+ java.lang.Process,
java.lang.ProcessBuilder,
- sun.misc.Unsafe"/>
+ java.lang.Runtime,
+ java.lang.RuntimePermission,
+ java.lang.SecurityManager,
+ java.lang.Shutdown,
+ java.lang.System,
+ java.lang.Thread,
+ java.lang.ThreadGroup,
+ java.lang.ThreadLocal"/>
<!-- this must be valid regex, each '.' in package name must be escaped!
-->
<!-- it's more flexible but slower than simple string comparison -->
@@ -58,50 +71,64 @@
<!-- All classes within the following packages and their sub-packages are
excluded -->
<constant name="struts.excludedPackageNames"
value="
- ognl,
- java.io,
- java.net,
- java.nio,
- javax,
+ antlr.build,
+ com.opensymphony.xwork2.config,
+ com.opensymphony.xwork2.inject,
+ com.opensymphony.xwork2.ognl,
+ com.opensymphony.xwork2.security,
+ com.opensymphony.xwork2.util,
freemarker.core,
- freemarker.template,
freemarker.ext.jsp,
freemarker.ext.rhino,
- sun.misc,
- sun.reflect,
+ freemarker.template,
+ java.io,
+ java.net,
+ java.nio,
javassist,
+ javax,
+ ognl,
+ org.apache.catalina.core,
+ org.apache.commons.beanutils,
+ org.apache.commons.collections,
+ org.apache.struts2.ognl,
+ org.apache.tomcat,
org.apache.velocity,
org.objectweb.asm,
org.springframework.context,
+ org.wildfly.extension.undertow.deployment,
+ org.yaml.snakeyaml,
+ sun.misc,
+ sun.reflect"/>
+
+ <constant name="struts.devMode.excludedPackageNames"
+ value="
+ antlr.build,
+ com.opensymphony.xwork2.config,
com.opensymphony.xwork2.inject,
com.opensymphony.xwork2.ognl,
com.opensymphony.xwork2.security,
com.opensymphony.xwork2.util,
- org.apache.struts2.ognl,
- org.apache.tomcat,
- org.apache.catalina.core,
- org.wildfly.extension.undertow.deployment"/>
-
- <constant name="struts.devMode.excludedPackageNames"
- value="
- ognl,
- java.io,
- java.net,
- java.nio,
- javax,
freemarker.core,
- freemarker.template,
freemarker.ext.jsp,
freemarker.ext.rhino,
- sun.misc,
- sun.reflect,
+ freemarker.template,
+ java.io,
+ java.net,
+ java.nio,
javassist,
+ javax,
+ ognl,
+ org.apache.catalina.core,
+ org.apache.commons.beanutils,
+ org.apache.commons.collections,
+ org.apache.struts2.ognl,
+ org.apache.tomcat,
org.apache.velocity,
org.objectweb.asm,
org.springframework.context,
- com.opensymphony.xwork2.inject,
- com.opensymphony.xwork2.ognl,
- com.opensymphony.xwork2.security,
- com.opensymphony.xwork2.util"/>
+ org.wildfly.extension.undertow.deployment,
+ org.yaml.snakeyaml,
+ sun.misc,
+ sun.reflect"/>
</struts>
