I can't comment on this at this time. I do see what you mean about the loop though. I suppose we can retract the build, address it then do another RC.
On Thu, Mar 26, 2026 at 8:06 AM Ulf Dittmer <[email protected]> wrote: > I'm not sure if > > https://github.com/apache/jspwiki/commit/a56dd0d191b77e9b82ea14c47033960d39ea3c50 > is working as intended, but it seems to break code. > > In the following code excerpt, the last if block is independent of the > loop, and thus should not be part of it. But more importantly, it disallows > access to any property starting with "jspwiki". I bet that lots of people > named some of their properties "jspwiki.something.something". If accessing > those no longer works, I think there might be quite a bit of breakage. > > That is likely not what people would expect from a dot-dot release; I sure > didn't :-) > > Ulf > > for( final String value : THE_BIG_NO_NO_LIST ) { > if( name.equals( value ) ) { > return ""; // FIXME: Should this be something different? > } > if ("jspwiki.frontpage".equals(name)) continue; > if ("jspwiki.runfilters".equals(name) ) continue; > > if ( name.startsWith( "jspwiki" ) ) { > LOG.warn("variable manager is denying access to '" + name + > "'"); > return ""; > } > } >
