[
https://issues.apache.org/jira/browse/WW-4601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15491061#comment-15491061
]
Lukasz Lenart edited comment on WW-4601 at 9/14/16 5:59 PM:
------------------------------------------------------------
2.3.31 wasn't released yet, there are still some outstanding issues that must
be resolved first. You can resolved this issue by implementing your own
{{StaticContentLoader}} as I mentioned above.
was (Author: lukaszlenart):
2.3.31 wasn't released yet, there are still some outstanding issue that must be
resolved first. You can resolved this issue by implementing your own
{{StaticContentLoader}} as I mentioned above.
> webconsole can always be accessed
> ---------------------------------
>
> Key: WW-4601
> URL: https://issues.apache.org/jira/browse/WW-4601
> Project: Struts 2
> Issue Type: Bug
> Reporter: Alireza Fattahi
> Assignee: Lukasz Lenart
> Fix For: 2.3.31, 2.5.3
>
>
> It is possible that you get the webconsole.html in dev without having debug
> in the stack trace
> I found that you can access /stuts/webconsole.html to see this html. For
> example (thanks jgeppert! ) :
> {code}
> http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html
> {code}
> I wonder if this should be fixed and if this can be used for attackers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
