From 40ab7a776a18786ab6c9b05243c06f6c3b514ea8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 01:20:28 +0000 Subject: [PATCH 1/3] Bump org.apache.maven.plugins:maven-failsafe-plugin from 3.2.5 to 3.3.0 Bumps [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) from 3.2.5 to 3.3.0. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.2.5...surefire-3.3.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- apps/showcase/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/showcase/pom.xml b/apps/showcase/pom.xml index 551ef179dd..228a8b3968 100644 --- a/apps/showcase/pom.xml +++ b/apps/showcase/pom.xml @@ -157,7 +157,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.2.5 + 3.3.0 it.org.apache.struts2.showcase.*Test From 7762d7fba294ad9f194c518f1d286647b130c4a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 01:40:34 +0000 Subject: [PATCH 2/3] Bump actions/upload-artifact from 4.3.3 to 4.3.4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.3 to 4.3.4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/65462800fd760344b1a7b4382951275a0abb4808...0b2256b8c012f0828dc542b3febcab082c67f72b) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards-analysis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml index 2b55504fb2..7f4e9b5e40 100644 --- a/.github/workflows/scorecards-analysis.yaml +++ b/.github/workflows/scorecards-analysis.yaml @@ -57,7 +57,7 @@ jobs: publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # 4.3.3 + uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # 4.3.4 with: name: SARIF file path: results.sarif From 9fe1a4a031ecb5b575a1d02489bb52428fa89068 Mon Sep 17 00:00:00 2001 From: Kusal Kithul-Godage Date: Tue, 9 Jul 2024 03:56:17 +1000 Subject: [PATCH 3/3] WW-5428 Stop excessive logging in DevMode --- .../xwork2/ognl/SecurityMemberAccess.java | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index f225b3c89c..333fd276a4 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -224,7 +224,6 @@ public boolean isAccessible(Map context, Object target, Member member, String pr */ protected boolean checkAllowlist(Object target, Member member) { if (!enforceAllowlistEnabled) { - logAllowlistDisabled(); return true; } 
@@ -259,21 +258,6 @@ protected boolean checkAllowlist(Object target, Member member) { return true; } - private void logAllowlistDisabled() { - if (!isDevMode && !LOG.isDebugEnabled()) { - return; - } - String msg = "OGNL allowlist is disabled!" + - " We strongly recommend keeping it enabled to protect against critical vulnerabilities." + - " Set the configuration `{0}=true` to enable it."; - Object[] args = {StrutsConstants.STRUTS_ALLOWLIST_ENABLE}; - if (isDevMode) { - LOG.warn(msg, args); - } else { - LOG.debug(msg, args); - } - } - private void logAllowlistHibernateEntity(Object original, Object resolved) { if (!isDevMode && !LOG.isDebugEnabled()) { return;
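Review bot: Deleting `logAllowlistDisabled()` outright removes the only runtime signal that the OGNL allowlist is switched off, which is a weakened-security configuration an operator should be told about; the excessive output came from calling it on every `checkAllowlist` invocation (previous hunk), not from the warning itself. A once-per-JVM guard keeps the DevMode WARN while emitting it a single time, which addresses WW-5428 without losing the hint; the sketch below needs `java.util.concurrent.atomic.AtomicBoolean` imported at the top of the file. If the class has a setter or configuration injection point for `enforceAllowlistEnabled` (not visible in this hunk), logging once there at startup would be cleaner still. The `checkAllowlist` call site is in the previous hunk and its body continues outside it.
```java
private static final AtomicBoolean ALLOWLIST_DISABLED_LOGGED = new AtomicBoolean();

// … unchanged: checkAllowlist up to the enforceAllowlistEnabled check …
        if (!enforceAllowlistEnabled) {
            logAllowlistDisabledOnce();
            return true;
        }

    /** Warns (DevMode) or debug-logs that the allowlist is off, at most once per JVM. */
    private void logAllowlistDisabledOnce() {
        if ((!isDevMode && !LOG.isDebugEnabled()) || !ALLOWLIST_DISABLED_LOGGED.compareAndSet(false, true)) {
            return;
        }
        String msg = "OGNL allowlist is disabled!" +
                " We strongly recommend keeping it enabled to protect against critical vulnerabilities." +
                " Set the configuration `{0}=true` to enable it.";
        if (isDevMode) {
            LOG.warn(msg, StrutsConstants.STRUTS_ALLOWLIST_ENABLE);
        } else {
            LOG.debug(msg, StrutsConstants.STRUTS_ALLOWLIST_ENABLE);
        }
    }
```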