This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push: new 2241a52c0 Updates stage by Jenkins 2241a52c0 is described below commit 2241a52c0191763af1fa5d45cd4b83bcba426d9e Author: jenkins <bui...@apache.org> AuthorDate: Tue Jan 2 08:49:22 2024 +0000 Updates stage by Jenkins --- content/security/index.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/content/security/index.html b/content/security/index.html index 6161c56ea..477442f7b 100644 --- a/content/security/index.html +++ b/content/security/index.html @@ -483,7 +483,9 @@ below) offers much stronger protection. However, for the strongest level of prot to the ActionContext from OGNL expressions entirely.</p> <p>Note that before disabling access to the ActionContext from OGNL expressions, you should ensure that your application -does not rely on this capability. As of Struts 6.4.0, the Set and Action Struts components require this capability.</p> +does not rely on this capability. OGNL expressions may access the context directly using the <code class="language-plaintext highlighter-rouge">#</code> operator, or indirectly +using the OgnlValueStack’s fallback to context lookup capability. As of Struts 6.4.0, the Set and Action Struts +components require ActionContext access from OGNL expressions.</p> <p>To disable access to the ActionContext from OGNL expressions, set the following constants in your <code class="language-plaintext highlighter-rouge">struts.xml</code> or <code class="language-plaintext highlighter-rouge">struts.properties</code> file. Please also refer to the documentation below for further details on these configuration