This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-staging
in repository https://gitbox.apache.org/repos/asf/struts-site.git
The following commit(s) were added to refs/heads/asf-staging by this push:
new 2241a52c0 Updates stage by Jenkins
2241a52c0 is described below
commit 2241a52c0191763af1fa5d45cd4b83bcba426d9e
Author: jenkins <[email protected]>
AuthorDate: Tue Jan 2 08:49:22 2024 +0000
Updates stage by Jenkins
---
content/security/index.html | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/content/security/index.html b/content/security/index.html
index 6161c56ea..477442f7b 100644
--- a/content/security/index.html
+++ b/content/security/index.html
@@ -483,7 +483,9 @@ below) offers much stronger protection. However, for the
strongest level of prot
to the ActionContext from OGNL expressions entirely.</p>
<p>Note that before disabling access to the ActionContext from OGNL
expressions, you should ensure that your application
-does not rely on this capability. As of Struts 6.4.0, the Set and Action
Struts components require this capability.</p>
+does not rely on this capability. OGNL expressions may access the context
directly using the <code class="language-plaintext highlighter-rouge">#</code>
operator, or indirectly
+using the OgnlValueStack’s fallback to context lookup capability. As of Struts
6.4.0, the Set and Action Struts
+components require ActionContext access from OGNL expressions.</p>
<p>To disable access to the ActionContext from OGNL expressions, set the
following constants in your <code class="language-plaintext
highlighter-rouge">struts.xml</code> or
<code class="language-plaintext highlighter-rouge">struts.properties</code>
file. Please also refer to the documentation below for further details on these
configuration
