close

Filter

Release Notes / Version 12.2412.0
Table Of Contents

The configuration of Freemarker’s new_builtin_class_resolver is now by default allows_nothing instead of unrestricted and configurable by setting the property freemarker.new_builtin_class_resolver to either unrestricted, safer or {{allows_nothing}}for security reasons. See https://freemarker.apache.org/docs/api/freemarker/template/Configuration.html and https://freemarker.apache.org/docs/app_faq.html for more information.

Note that this fix was applied for security reasons and is only breaking for projects using Freemarker templates with java code execution.

(CMS-27252)

Was this article useful?

Search Results

Table Of Contents
warning

Your Internet Explorer is no longer supported.

Please use Mozilla Firefox, Google Chrome, or Microsoft Edge.