[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736 --- Comment #6 from Rainer Jung --- The history of forceString (thanks Remy) can be seen in the log message of svn r1655312 or github d1cf73ab16da6fccde3c323e16b582be8d579008. I paste it here. I am totally open to drop it, if it now turns out t

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736 --- Comment #5 from quaff --- I agree that "forceString" should be disabled by default and removed in a future version. It will increase safety; "you can configure the JNDI environment of Tomcat" is harder since it needs another gadget, let's

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736 --- Comment #4 from Remy Maucherat --- The feature was added by Rainer in Jan 2015. The idea of the bean factory is to avoid having to use custom object factories (personally: I think using custom object factories is usually better), and this f

[Bug 65736] Improve org.apache.naming.factory.BeanFactory to mitigate JNDI injection

2021-12-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736 --- Comment #3 from Christopher Schultz --- Honestly, any "feature" that significantly reduces security should be difficult to enable. My initial reaction after reading that piece was "why is forceString enabled by default?" I don't know the h

[Bug 65714] HTTPS connection error using NIO2 with security manager enabled

2021-12-12 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 --- Comment #28 from Allan --- (In reply to Mark Thomas from comment #27) > (In reply to Allan from comment #25) > > Hi Mark, I have carried out a number of connectivity tests. Result as > > follow. > > > > Tomcat 8.5.72-4795df9 and 9.0.57-11