- Fixes potential security vulnerability in accessing public fields via ObjectPropertyAccessor, see #265, #264 - thanks to jefferyxhy
- Fixes IllegalArgumentException: Passes instance of MemberAccess to OgnlContext, see #162 - thanks to oosato-im
- Fixes IllegalArgumentException: Can't decide which method to use, see #159 - thanks to harawata
- Avoid illegal reflective access when possible and use public method, see #144 - thanks to harawata
- avoid collecting stacktrace when building an OgnlException, see #138 - thanks to davoustp
- as from this release OGNL requires Java 8 at least
- fixes issue with Eclipse JDT by explicitly casting the Enum#compareTo argument, see #139 - thanks to harawata
- uses
MemberAccessto create a new default context to avoid NPE #118 - thanks to zhuster
- un-deprecates previously deprecated API by providing missing instance of
MemberAccess#114 - thanks to lukaszlenart
- makes AST classes public #115 - thanks to sebthom
- un-deprecates previously deprecated API by providing missing instance of
MemberAccess#114 - thanks to lukaszlenart
- adds support for null varargs #113 - thanks to lukaszlenart
- updates
isMethodCallable()logic, re-introduce its usage forgetReadMethod()#110 - thanks to JCgH4164838Gh792C124B5 - introduces
AbstractMemberAccessto allow create it on-fly #109 - thanks to lukaszlenart - bumps junit from 4.12 to 4.13.1 #108 - thanks to dependabot
- minor cleanups related to previous 3.1.x merges #107 - thanks to JCgH4164838Gh792C124B5
- fixes resolve race condition when there are to many threads since #106 - thanks to rolandhe
- fixes
OgnlRuntime#getReadMethod()returnsnullif the method is a bridge method #104 - thanks to harawata
- DefaultClassResolver should resolve classes in the default package #93 - thanks to Iwao AVE!
- Resolves problem with setting varargs parameter #92 - thanks to Łukasz Lenart
- Various minor cleanup changes #85 - thanks to JCgH4164838Gh792C124B5
- add expression max length functionality to improve security #82 - thanks to Yasser Zamani
- plus additional enhancements related to max length functionality #87 - thanks to JCgH4164838Gh792C124B5
- improves getter/setter detection algorithm #75 - thanks to JCgH4164838Gh792C124B5
- enhances cache clearing #77 - thanks to JCgH4164838Gh792C124B5
- does not fail on getDeclaredXXX when user has used a SecurityManager #79 - thanks to Yasser Zamani
- add expression max length functionality to improve security #82 - thanks to Yasser Zamani
- plus additional enhancements related to max length functionality #87 - thanks to JCgH4164838Gh792C124B5
- improves getter/setter detection algorithm #75 - thanks to JCgH4164838Gh792C124B5
- enhances cache clearing #77 - thanks to JCgH4164838Gh792C124B5
- does not fail on getDeclaredXXX when user has used a SecurityManager #79 - thanks to Yasser Zamani
- Fixes to compare non-comparable objects by equals only #78 - thanks to peteruhnak
- Adds optional Security Manager to allow run expressions in a sandbox #69 - thanks to Yasser Zamani
- Restores unrestricted access to public static fields #67 - thanks to JCgH4164838Gh792C124B5
- Upgrades to Javassist 3.24.1 to restore support for Java 7 #65 - thanks to JCgH4164838Gh792C124B5
- Minor cleanups for
DefaultMemberAccessrestoremethod #61 - thanks to JCgH4164838Gh792C124B5
MemberAccessdoes not support private static field. #59 - thanks to hengyunabc
getDeclaredMethods()searches super-interfaces recursively. #55 - thanks to Iwao AVE!- allows override a strategy for loading a class on
DefaultClassResolve#50 - thanks to Iwao AVE!
getDeclaredMethods()searches super-interfaces recursively. #55 - thanks to Iwao AVE!
- allows override a strategy for loading a class on
DefaultClassResolve#50 - thanks to kazuki43zoo
- supports concurrency in
DefaultClassResolver#46 - thanks to kazuki43zoo
- collects only default methods when scanning interfaces #40 - thanks to Iwao AVE!
- makes
OgnlContexta bit more immutableTypeConvertercan be set only when creating a new context, the setter won't work anymore- Implementation of the
MemberAccessis required when crearting a new context, you must always provide your own DefaultMemberAccessis only available in tests, it won't be used when there was no customMemberAccessprovided, an exception will be thrown in such case
- sets source and target in
pom.xmlto Java 1.7 - makes better decisions on methods first call #39 - thanks to Yasser Zamani
- fixes access to property which reads method is Java 8 default method #33 - thanks to Yanming Zhou
- drops access to
#contextand_classResolvervia a magic keys - thanks to Łukasz Lenart
- fixes issue with returning the
hasCodemethod when looking for a fieldcode#32 - thanks to Łukasz Lenart
- fixes issue with returning default methods from interfaces implemented by parent class #30 - thanks to Vlastimil Dolejš
- Does not treat negative numbers as an arithmetic operation #28 - thanks to Łukasz Lenart
- Drops access to
_memeberAccessfield via a magic key - thanks to Łukasz Lenart
- Exposes flags to allow check if an expression is a chain or an arithmetic operation or a simple method - thanks to Łukasz Lenart
- fixes automatic type conversion to avoid
double boxing#25/#26 - thanks to Christian Niessner from secadm GmbH
- fixes issue with selecting overloaded methods #23/#24 - thanks to Christian Niessner from secadm GmbH
- fixes issue with executing expressions on Java 8 plus adds an
java likemethod matching #19 - thanks to marvkis
- Exposes flag to allow check if an expression is a sequence of simple expressions - thanks to Łukasz Lenart
- Fixes accessing statics within Enums OGNL-158 - thanks to Aleksandr Mashchenko
- OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions was fixed OGNL-252 - thanks to Carlos Saona
- support for boolean expression in Strings was added, this can break backward compatibility #8 - thanks to Daniel Fernández
- lots of optimizations which should improve overall performance #9, #10, #11, #12 - thanks to Daniel Fernández
- OGNL supports default methods in interfaces (Java 8) OGNL-249
- fixes problem with cacheKey too expensive to create WW-4485 - thanks to Jasper Rosenberg
- regression bug in ognl for "is..." property getters WW-4462 -
if expression doesn't end with
()is considered as a name of property a not the method itself thanks to Jasper Rosenberg
- replaced IntHashMap with ConcurrentMap to avoid deadlocks WW-4451 - thanks to Jasper Rosenberg
- added better capitalization logic for methods WW-3909 - thanks to Iwen.ma
- uses better method to calculate method's cache key WW-4113 - thanks to Kevin Su
- important performance improvement OGNL-224 - thanks to Pelladi Gabor
- race condition fix OGNL-226 - thanks to Johno Crawford
- partially reverts previous changes to allow OGNL to work in environment with Security Manager enabled WW-3746
- Adds possibility to discover eval chain
- small fix to improve performance WW-3580
- small fix to solve a problem with compiling under JDK5
- Javassist added back as a dependency WW-3544