Invalid parsing of EL expression can lead to invalid EL expressions considered valid

Description

This is a fix for CVE-2020-10693 .

More details here: https://issues.redhat.com/browse/JBEAP-19087 .

Note that this is a problem only if developers include user input in the constraint violation message and do not properly escape it.

Environment

None
Fixed

Assignee

Yoann Rodière

Reporter

Guillaume Smet

Labels

None

Feedback Requested

None

Feedback Requested By

None

backPortable

None

Suitable for new contributors

None

Pull Request

backportDecision

None

backportReEvaluate

None

Components

Fix versions

Priority

Major
Configure