Through the onboarding process, we realized there is an opportunity to release our developer environment setup as a guide for the community.

LunaSec Community

I haven't investigated any methods to patch this directly yet. And I'm not sure about baking changes. Does your software have testing for it? Are you using the createInterpolator method?

I am. From security team and post discussion with developer we found that they are not be able to update there project. Current they are not using createinterpolator method but we want to block this    so we can rest assured. 

I saw v1. 10  disable url dns &amp; script. So wondering if this can be done on 1.8. while our app team works on update

I'd recommend setting up a Regex on the code to alert if somebody ever tries to call "createInterpolator" manually. Then you can be alerted. (If that's a level of control that you have)

In terms of disabling this otherwise, I have no idea. I haven't looked into this deeply because this vulnerability isn't really a problem in the real world.