freemarker-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacques Le Roux <>
Subject Use TemplateClassResolver.SAFER_RESOLVER by default
Date Sun, 17 May 2020 06:41:31 GMT

After reading I wonder why
we have not TemplateClassResolver.SAFER_RESOLVER[1] used 
by default, like there is:

     The api_builtin_enabled configuration setting must be set to true. Its default is
false (at least as of 2.3.22) for not lowering the security of 
existing applications.[2]

Is there a reason?




  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message