[jira] [Work logged] (WW-5613) Add proper support for OGNL 3.4.10

Wed, 04 Feb 2026 10:48:07 -0800 


     [ 
https://issues.apache.org/jira/browse/WW-5613?focusedWorklogId=1003534&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1003534
 ]

ASF GitHub Bot logged work on WW-5613:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 04/Feb/26 18:47
            Start Date: 04/Feb/26 18:47
    Worklog Time Spent: 10m 
      Work Description: github-advanced-security[bot] commented on code in PR 
#1567:
URL: https://github.com/apache/struts/pull/1567#discussion_r2765497570


##########
core/src/main/java/org/apache/struts2/ognl/OgnlUtil.java:
##########
@@ -423,15 +424,18 @@
         for (TreeValidator validator : treeValidators) {
             validator.validate(tree, checkContext);
         }
-        Ognl.setValue(tree, (OgnlContext) context, root, value);
+        OgnlContext ognlContext = (OgnlContext) context;
+        withRoot(ognlContext, root, () -> Ognl.setValue(tree, ognlContext, 
root, value));
     }
 
+    @SuppressWarnings("unchecked")
     private <T> T ognlGet(String expr, Map<String, Object> context, Object 
root, Class<T> resultType, Map<String, Object> checkContext, TreeValidator... 
treeValidators) throws OgnlException {
         Object tree = toTree(expr);
         for (TreeValidator validator : treeValidators) {
             validator.validate(tree, checkContext);
         }
-        return (T) Ognl.getValue(tree, (OgnlContext) context, root, 
resultType);
+        OgnlContext ognlContext = (OgnlContext) context;
+        return withRoot(ognlContext, root, () -> (T) Ognl.getValue(tree, 
ognlContext, root, resultType));

Review Comment:
   ## OGNL Expression Language statement with user-controlled input
   
   OGNL Expression Language statement depends on a [user-provided value](1).
   OGNL Expression Language statement depends on a [user-provided value](2).
   
   [Show more 
details](https://github.com/apache/struts/security/code-scanning/1207)





Issue Time Tracking
-------------------

            Worklog Id:     (was: 1003534)
    Remaining Estimate: 0h
            Time Spent: 10m

> Add proper support for OGNL 3.4.10
> ----------------------------------
>
>                 Key: WW-5613
>                 URL: https://issues.apache.org/jira/browse/WW-5613
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core
>            Reporter: Lukasz Lenart
>            Priority: Minor
>             Fix For: 7.2.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> In OGNL 3.4.10 a fix was made to address an issue with lambda expressions 
> which was related to preserving root on OgnlContext, see this PRs for more 
> details:
> https://github.com/orphan-oss/ognl/pull/476
> https://github.com/orphan-oss/ognl/issues/472



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to