(struts) branch WW-5364-populate-allowlist updated (33a5b2927 -> af758a5f1)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


from 33a5b2927 WW-5364 Modify XmlDocConfigurationProvider to be able to 
load into allowlist
 add d708fb77a WW-5364 Make allowlist classloader specific
 add 141591afe WW-5364 Implement provider allowlist
 add af758a5f1 WW-5364 Inject ProviderAllowlist into SecurityMemberAccess

No new revisions were added by this update.

Summary of changes:
 .../xwork2/config/impl/DefaultConfiguration.java   |  2 +
 .../StrutsDefaultConfigurationProvider.java|  2 +
 .../providers/XmlDocConfigurationProvider.java | 17 +++--
 .../xwork2/ognl/SecurityMemberAccess.java  | 16 ++--
 .../opensymphony/xwork2/util/ConfigParseUtil.java  | 11 +-
 .../org/apache/struts2/ognl/ProviderAllowlist.java | 43 ++
 core/src/main/resources/struts-beans.xml   |  1 +
 core/src/main/resources/struts-default.xml |  2 -
 8 files changed, 83 insertions(+), 11 deletions(-)
 create mode 100644 
core/src/main/java/org/apache/struts2/ognl/ProviderAllowlist.java

(struts) branch WW-5364-populate-allowlist updated (af758a5f1 -> 9ebdf8f69)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


 discard af758a5f1 WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
 add 9ebdf8f69 WW-5364 Inject ProviderAllowlist into SecurityMemberAccess

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (af758a5f1)
\
 N -- N -- N   refs/heads/WW-5364-populate-allowlist (9ebdf8f69)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 .../opensymphony/xwork2/ognl/SecurityMemberAccess.java | 18 +++---
 .../xwork2/ognl/SecurityMemberAccessTest.java  |  8 +++-
 2 files changed, 14 insertions(+), 12 deletions(-)

(struts) branch WW-5364-populate-allowlist updated (9ebdf8f69 -> 0c66125ed)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


omit 9ebdf8f69 WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
omit 141591afe WW-5364 Implement provider allowlist
 add 9325855a9 WW-5364 Implement provider allowlist
 add 0c66125ed WW-5364 Inject ProviderAllowlist into SecurityMemberAccess

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (9ebdf8f69)
\
 N -- N -- N   refs/heads/WW-5364-populate-allowlist (0c66125ed)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 .../org/apache/struts2/ognl/ProviderAllowlist.java | 18 ++
 1 file changed, 18 insertions(+)

(struts) branch WW-5364-populate-allowlist updated (0c66125ed -> 6a47136ed)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


from 0c66125ed WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
 add 6a47136ed WW-5364 Enable allowlist for showcase

No new revisions were added by this update.

Summary of changes:
 apps/showcase/src/main/resources/struts.xml | 1 +
 1 file changed, 1 insertion(+)

(struts) branch WW-5364-populate-allowlist updated (6a47136ed -> 324f825dc)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


omit 6a47136ed WW-5364 Enable allowlist for showcase
 new 324f825dc WW-5364 Enable allowlist for showcase

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (6a47136ed)
\
 N -- N -- N   refs/heads/WW-5364-populate-allowlist (324f825dc)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 1 +
 1 file changed, 1 insertion(+)

(struts) 01/01: WW-5364 Enable allowlist for showcase

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a commit to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 324f825dc59e263ceae1400f6852140d238415eb
Author: Kusal Kithul-Godage 
AuthorDate: Fri Nov 24 20:12:17 2023 +1100

WW-5364 Enable allowlist for showcase
---
 apps/showcase/src/main/resources/struts.xml   | 1 +
 core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apps/showcase/src/main/resources/struts.xml 
b/apps/showcase/src/main/resources/struts.xml
index f73963de9..150b8e36d 100644
--- a/apps/showcase/src/main/resources/struts.xml
+++ b/apps/showcase/src/main/resources/struts.xml
@@ -33,6 +33,7 @@
 
 
 
+
 
 
 
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java 
b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 62e635fbc..331ddcc02 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -856,6 +856,7 @@ public class OgnlUtil {
 }
 
 SecurityMemberAccess memberAccess = 
container.getInstance(SecurityMemberAccess.class);
+memberAccess.useEnforceAllowlistEnabled(Boolean.FALSE.toString());
 
 if (devMode) {
 if (!warnReported.get()) {

(struts) branch WW-5364-populate-allowlist updated (324f825dc -> d431531c7)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


omit 324f825dc WW-5364 Enable allowlist for showcase
omit 0c66125ed WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
omit 9325855a9 WW-5364 Implement provider allowlist
omit d708fb77a WW-5364 Make allowlist classloader specific
omit 33a5b2927 WW-5364 Modify XmlDocConfigurationProvider to be able to 
load into allowlist
 add ebdf01995 WW-5364 Modify XmlDocConfigurationProvider to be able to 
load into allowlist
 add 1d76bff95 WW-5364 Make allowlist classloader specific
 add 78e4cb617 WW-5364 Implement provider allowlist
 add dbb75d77e WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
 add d431531c7 WW-5364 Enable allowlist for showcase

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (324f825dc)
\
 N -- N -- N   refs/heads/WW-5364-populate-allowlist (d431531c7)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 .../xwork2/config/providers/XmlDocConfigurationProvider.java| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(struts) branch WW-5364-populate-allowlist updated (d431531c7 -> cf178dd14)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


omit d431531c7 WW-5364 Enable allowlist for showcase
omit dbb75d77e WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
omit 78e4cb617 WW-5364 Implement provider allowlist
 add 198812fe8 WW-5364 Implement provider allowlist
 add 3bf3e5f8d WW-5364 Inject ProviderAllowlist into SecurityMemberAccess
 add ee442db9e WW-5364 Enable allowlist for showcase
 add cf178dd14 WW-5364 Add Struts components to allowlist

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (d431531c7)
\
 N -- N -- N   refs/heads/WW-5364-populate-allowlist (cf178dd14)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 apps/showcase/src/main/resources/struts.xml|  6 +++
 .../providers/XmlDocConfigurationProvider.java | 10 ++--
 .../xwork2/ognl/SecurityMemberAccess.java  | 62 ++
 .../src/main/resources/struts-excluded-classes.xml | 12 +++--
 4 files changed, 80 insertions(+), 10 deletions(-)

(struts) branch WW-5364-populate-allowlist updated (cf178dd14 -> b6bd2ee1b)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


from cf178dd14 WW-5364 Add Struts components to allowlist
 add b6bd2ee1b WW-5364 Don't throw ConfigurationException on unloadable 
action or interceptor classes

No new revisions were added by this update.

Summary of changes:
 .../config/providers/XmlDocConfigurationProvider.java| 16 +---
 1 file changed, 9 insertions(+), 7 deletions(-)

(struts) branch WW-5364-populate-allowlist updated (b6bd2ee1b -> d7df9ce99)

[kusal]

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a change to branch WW-5364-populate-allowlist
in repository https://gitbox.apache.org/repos/asf/struts.git


omit b6bd2ee1b WW-5364 Don't throw ConfigurationException on unloadable 
action or interceptor classes
omit cf178dd14 WW-5364 Add Struts components to allowlist
 add 39c3e332d WW-5364 Add Struts components to allowlist
 add 6657e01f9 WW-5364 Don't throw ConfigurationException on unloadable 
action or interceptor classes
 add d7df9ce99 WW-5364 Replace some allowlist classes with packages

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (b6bd2ee1b)
\
 N -- N -- N   refs/heads/WW-5364-populate-allowlist (d7df9ce99)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 apps/showcase/src/main/resources/struts.xml| 12 +++-
 .../xwork2/ognl/SecurityMemberAccess.java  | 64 +++---
 2 files changed, 17 insertions(+), 59 deletions(-)

(struts) branch release/struts-7-0-x updated (3013d9b95 -> cd93e4bb9)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch release/struts-7-0-x
in repository https://gitbox.apache.org/repos/asf/struts.git


 discard 3013d9b95 Merge pull request #799 from apache/deprecated-plugins
omit f0eefea3e Delete remaining deprecated plugins
omit be4c2bc7d Delete unused files missed in previous PR
omit bf2d85ebe [WW-5141] Removes deprecated plugins (#798)
omit 0321d2777 Merge pull request #797 from apache/merge-forward-master
omit 219049773 Merge remote-tracking branch 'origin/master' into 
merge-forward-master
omit ed04c009c Merge pull request #794 from apache/fix/WW-5335-scorecards
omit 55a304bf0 WW-5335 Reverts adding release/struts-7-0-x branch to 
scorecards analysis Only the main branch is supported by this action
omit 321cf4634 Merge pull request #785 from apache/feature/prepares-for-7
omit dc13abaf8 WW-5335 Prepares for Java 17 & Struts 7.x
 add 3674d49ab Bump jackson.version from 2.15.3 to 2.16.0
 add d1bdc83f1 Merge pull request #796 from 
apache/dependabot/maven/jackson.version-2.16.0
 add 0fa58eab8 WW-5335 Prepares for Java 17 & Struts 7.x
 add 8e7dceb45 WW-5335 Reverts adding release/struts-7-0-x branch to 
scorecards analysis Only the main branch is supported by this action
 add 886290d68 [WW-5141] Removes deprecated plugins (#798)
 add a1ff157cb Delete unused files missed in previous PR
 add cd93e4bb9 Delete remaining deprecated plugins

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (3013d9b95)
\
 N -- N -- N   refs/heads/release/struts-7-0-x (cd93e4bb9)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

No new revisions were added by this update.

Summary of changes:
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(struts) branch fix/WW-5141-rebase created (now d76aed8e7)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch fix/WW-5141-rebase
in repository https://gitbox.apache.org/repos/asf/struts.git


  at d76aed8e7 WN-5141

This branch includes the following new commits:

 new 6e93d719d WN-5141
 new bfbac0c19 WN-5141
 new cae8900b7 IPAGE-5141
 new 6d069ad16 WN-5141
 new 0170d0eb1 WN-5141
 new 07d3a27d4 WN-5141
 new a25503f77 WN-5141
 new b2c1a963a WN-5141
 new 05a1c77d1 WN-5141
 new 37dad4a31 WW-5141
 new 561a089cb Revert "WN-5141"
 new fe782e8e7 WN-5141
 new dbdf519e4 WN-5141
 new 36e9dc283 WN-5141
 new 814911b0e WN-5141
 new d6aa38e16 WN-5141
 new a1e48fcf3 WN-5141
 new cc00ab24d WN-5141
 new c3e2db183 WN-5141
 new 531329f41 WW-5141
 new e6a97bb8c WN-5141
 new 968d9b0e7 WN-5141
 new ba942d577 WW-5141
 new 0ae611194 WN-5141
 new bf30e3ed2 WN-5141
 new cb0dbd7d6 IPAGE-5141
 new 86ec267c2 WN-5141
 new adbf3eaa3 WN-5141
 new 2b7fb5720 WN-5141
 new dc79d98f0 WN-5141
 new 6f9daaf83 WN-5141
 new 3aab98ec8 WN-5141
 new 3d9e552e4 WN-5141
 new ea5027f59 WN-5141
 new 0ed3c66e4 WN-5141
 new 04fbf2593 WW-5141
 new b503424f4 WN-5141
 new e262a62df WN-5141
 new 9a4d0ad75 WN-5141
 new 485f808ac conversion to fileupload2
 new 5a826037c WW-5141
 new 96dfe8c0c Revert "WN-5141"
 new b7fade0b7 Revert "WN-5141"
 new b42eefc8e Revert "WN-5141"
 new aa453648b Revert "WN-5141"
 new 5c6eb524e Revert "WN-5141"
 new f5c201684 Revert "WN-5141"
 new b6087bf20 WN-5141
 new ff54d7092 WN-5141
 new 5d0bc2032 WN-5141
 new 642cad0b5 WN-5141
 new 5f3fd90b1 Revert "WN-5141"
 new 53e9724d1 WN-5141
 new 0364025d8 WN-5141
 new 5e1e7e258 WW-5141
 new d44890544 WN-5141
 new 8d3dcaa0c WN-5141
 new 351adddf7 WN-5141
 new 52d2c3bc3 WN-5141
 new dbf748c8a WN-5141
 new 73f0e12ae WW-5141
 new c7f2ab609 Revert "WN-5141"
 new 8583e9e75 Revert "WN-5141"
 new b3b70e563 Revert "WN-5141"
 new 35eff5bfc WN-5141
 new 03bdf21d6 Revert "WN-5141"
 new 065695d35 WN-5141
 new 8c605bbd7 WN-5141
 new c41ed5da4 WN-5141
 new 73bc036c4 Revert "WN-5141"
 new fb3073a0f WN-5141
 new d76aed8e7 WN-5141

The 72 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

(struts) branch fix/WW-5141-rebase deleted (was d76aed8e7)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch fix/WW-5141-rebase
in repository https://gitbox.apache.org/repos/asf/struts.git


 was d76aed8e7 WN-5141

This change permanently discards the following revisions:

 discard d76aed8e7 WN-5141
 discard fb3073a0f WN-5141
 discard 73bc036c4 Revert "WN-5141"
 discard c41ed5da4 WN-5141
 discard 8c605bbd7 WN-5141
 discard 065695d35 WN-5141
 discard 03bdf21d6 Revert "WN-5141"
 discard 35eff5bfc WN-5141
 discard b3b70e563 Revert "WN-5141"
 discard 8583e9e75 Revert "WN-5141"
 discard c7f2ab609 Revert "WN-5141"
 discard 73f0e12ae WW-5141
 discard dbf748c8a WN-5141
 discard 52d2c3bc3 WN-5141
 discard 351adddf7 WN-5141
 discard 8d3dcaa0c WN-5141
 discard d44890544 WN-5141
 discard 5e1e7e258 WW-5141
 discard 0364025d8 WN-5141
 discard 53e9724d1 WN-5141
 discard 5f3fd90b1 Revert "WN-5141"
 discard 642cad0b5 WN-5141
 discard 5d0bc2032 WN-5141
 discard ff54d7092 WN-5141
 discard b6087bf20 WN-5141
 discard f5c201684 Revert "WN-5141"
 discard 5c6eb524e Revert "WN-5141"
 discard aa453648b Revert "WN-5141"
 discard b42eefc8e Revert "WN-5141"
 discard b7fade0b7 Revert "WN-5141"
 discard 96dfe8c0c Revert "WN-5141"
 discard 5a826037c WW-5141
 discard 485f808ac conversion to fileupload2
 discard 9a4d0ad75 WN-5141
 discard e262a62df WN-5141
 discard b503424f4 WN-5141
 discard 04fbf2593 WW-5141
 discard 0ed3c66e4 WN-5141
 discard ea5027f59 WN-5141
 discard 3d9e552e4 WN-5141
 discard 3aab98ec8 WN-5141
 discard 6f9daaf83 WN-5141
 discard dc79d98f0 WN-5141
 discard 2b7fb5720 WN-5141
 discard adbf3eaa3 WN-5141
 discard 86ec267c2 WN-5141
 discard cb0dbd7d6 IPAGE-5141
 discard bf30e3ed2 WN-5141
 discard 0ae611194 WN-5141
 discard ba942d577 WW-5141
 discard 968d9b0e7 WN-5141
 discard e6a97bb8c WN-5141
 discard 531329f41 WW-5141
 discard c3e2db183 WN-5141
 discard cc00ab24d WN-5141
 discard a1e48fcf3 WN-5141
 discard d6aa38e16 WN-5141
 discard 814911b0e WN-5141
 discard 36e9dc283 WN-5141
 discard dbdf519e4 WN-5141
 discard fe782e8e7 WN-5141
 discard 561a089cb Revert "WN-5141"
 discard 37dad4a31 WW-5141
 discard 05a1c77d1 WN-5141
 discard b2c1a963a WN-5141
 discard a25503f77 WN-5141
 discard 07d3a27d4 WN-5141
 discard 0170d0eb1 WN-5141
 discard 6d069ad16 WN-5141
 discard cae8900b7 IPAGE-5141
 discard bfbac0c19 WN-5141
 discard 6e93d719d WN-5141