Release Notes / Version 12.2412.0
Table Of Contents
The configuration of Freemarker’s
new_builtin_class_resolver
is now by default allows_nothing
instead of
unrestricted
and configurable by setting the
property freemarker.new_builtin_class_resolver
to
either unrestricted
, safer
or
{{allows_nothing}}for security reasons. See
https://freemarker.apache.org/docs/api/freemarker/template/Configuration.html
and
https://freemarker.apache.org/docs/app_faq.html
for more information.
Note that this fix was applied for security reasons and is only breaking for projects using Freemarker templates with java code execution.
(CMS-27252)
Was this article useful?