### Key Information: - **Code Change Report**: This commit modifies the file `Jinja2BeanELResolverTest.java` located under the `el/ext` module of the `Jinja2` template engine. - **Changes Made**: The modification involves changing the invocation method of `AutoCloseableSupplier.AutoCloseableImpl`, as `AutoCloseableSupplier` is not supported in JDK 2.7 and related versions. Therefore, the implementation switches to using `Jinja2Interpreter.pushCurrent` and `Jinja2Interpreter.popCurrent` methods to manage the state of `Jinja2Interpreter`. - **Related Tests**: - `itDoesNotAllowAccessingPropertiesOfInterpreter`: Tests that prevents unauthorized access to properties of the `Jinja2Interpreter` object via `BeanELResolver`. - `itDoesNotGettingFromObjectMapper`: Tests that blocks object retrieval from `ObjectMapper`. - `itDoesNotAllowInvokingFromObjectMapper` and `itDoesNotAllowInvokingFromMethod`: Prevents invocation of `BeanELResolver`'s `invoke` method through `ObjectMapper` or custom methods; attempting such invocations will trigger a `NoSuchMethodException`. ### Key Vulnerability Information: - This commit likely addresses a potential security vulnerability in the `Jinja2` template engine. The primary goal is to restrict or eliminate malicious users from exploiting `BeanELResolver` to illegally access or manipulate `Jinja2Interpreter`, or to invoke protected system methods via `ObjectMapper` or other means. This suggests the existence of risks such as code injection or arbitrary code execution.