At LeanIX, we constantly challenge our services to be more secure. Today, we introduced new rules to the Integration API to improve the API's security standard.
Users of the Integration API are now restricted in how they use JUEL (Java Unified Expression Language) syntax, to mitigate the risk of code execution. Configurations that use methods such as 'getClass', 'newInstance', and some others can no longer be stored. In addition, each expression may contain at most two opening brackets, unless there are only numbers inside the expression or a reference to an indexOfForEach variable.
Users are still able to run all existing configurations. However, when any configuration change is saved, the new version must abide by the latest security rules. Users will see an error message pop-up explaining the limitations and hinting at what needs to be done (e.g., using a newly provided helper method).
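
A pre-save check for the rules described above could look like the following; this is an added example, not LeanIX's validator. It assumes expressions are written as `${...}`, that "opening brackets" means `(` and `[`, and that a bracket is exempt when it encloses only digits or an `indexOfForEach` reference; the deny-list holds only the two method names given in this announcement.

```python
import re

# Only the two names the announcement gives; the others are not listed there.
BLOCKED_METHODS = ("getClass", "newInstance")
MAX_OPENING_BRACKETS = 2
# Assumption: a bracket enclosing only digits or a (dotted) indexOfForEach
# reference does not count toward the limit.
EXEMPT = re.compile(r"\s*(\d+|(\w+\.)*indexOfForEach)\s*")
# Assumption: expressions are written as ${...} without nested braces.
EXPRESSION = re.compile(r"\$\{([^}]*)\}")

def counted_brackets(expr):
    """Count opening '(' and '[' that are not covered by the exemption."""
    count, stack = 0, []
    for pos, ch in enumerate(expr):
        if ch in "([":
            stack.append(pos)
        elif ch in ")]" and stack:
            inner = expr[stack.pop() + 1:pos]
            if not EXEMPT.fullmatch(inner):
                count += 1
    return count + len(stack)  # unclosed brackets always count

def check_expression(expr):
    """Return the list of rule violations for one expression body."""
    problems = ["blocked method: " + name for name in BLOCKED_METHODS
                if re.search(r"\b" + name + r"\b", expr)]
    n = counted_brackets(expr)
    if n > MAX_OPENING_BRACKETS:
        problems.append("%d opening brackets, limit is %d"
                        % (n, MAX_OPENING_BRACKETS))
    return problems

def check_config_text(text):
    """Map each offending ${...} in a configuration to its violations."""
    report = {}
    for match in EXPRESSION.finditer(text):
        problems = check_expression(match.group(1))
        if problems:
            report[match.group(0)] = problems
    return report

# Constructed sample configuration (field and variable names are made up).
SAMPLE = '''{"name": "${data.items[3].name}",
 "type": "${data.obj.getClass().getName()}",
 "label": "${data.a.concat(data.b.concat(data.c.trim()))}",
 "row": "${data.rows[integration.indexOfForEach]}"}'''

if __name__ == "__main__":
    for expression, problems in check_config_text(SAMPLE).items():
        print(expression, "->", "; ".join(problems))
```

The word-boundary match also flags a property that is merely named like a blocked method, which errs on the side of rejecting.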