Apache Commons logo Apache Commons JEXL

Compatibility with previous release

Version 3.4 is source and binary compatible with 3.3.

Compatibility with older releases (< 3.3, 2.x)

Since 3.3 release, the default setting for permissions that determine which packages, classes and methods are accessible to scripts has been reduced to a very narrow set. When migrating from previous version of JEXL, this may result in breaking your application behavior ; this breaking change requires remediation in your code.

Despite the obvious inconvenience - our sincere apologies on the matter -, how much functional and semantic power is accessible through scripts has a real impact on your application security and stability ; that potential risk requires an informed review and conscious choice on your end.

To mitigate the change, you can revert to the previous behavior with one line of code (see JexlPermissions, JexlBuilder and JexlScriptEngine ) or use this opportunity to reduce exposure. Whether Files, URLs, networking, processes, class-loaders or reflection classes or whether loops or side effects are accessible are part of your choice to make.

What's new in 3.4:

Features and permissions are easier to define through new methods.

Some new syntaxes are introduced ; try/catch/finally (including with resources), an array-access safe navigation ((x?[y]), strict equality/inequality operators (===, !==), instanceof/!instanceof operators and more permissive structured literals.

New Features in 3.4:

JEXL-423: Add support for instanceof / !instanceof
JEXL-422: Add strict equality (===) and inequality (!==) operators
JEXL-421: ArrayBuilder: array type should reflect common class of its entries
JEXL-419: Add permission syntax to allow class/method/field
JEXL-418: Add try-catch-finally support
JEXL-408: Using JexlFeatures is tedious
JEXL-404: Support array-access safe navigation (x?[y])
JEXL-401: Captured variables should be read-only
JEXL-398: Allow 'trailing commas' or ellipsis while defining array, map and set literals

Bugs Fixed in 3.4:

JEXL-420: Error while comparing float and string value
JEXL-417: JexlArithmetic looses precision during arithmetic operator execution
JEXL-416: Null-valued pragma throws NPE in 3.3
JEXL-415: Incorrect template eval result
JEXL-414: SoftCache may suffer from race conditions
JEXL-412: Ambiguous syntax between namespace function call and map object definition.
JEXL-410: JexlFeatures: ctor does not enable all features
JEXL-409: Disable LEXICAL should disable LEXICAL_SHADE
JEXL-405: Recursive functions corrupt evaluation frame if reassigned
JEXL-403: Exception while evaluating template literal used in array assignment in loop.
JEXL-402: parse failed with empty return value.