[ https://issues.apache.org/jira/browse/WW-4601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15491061#comment-15491061 ]
Lukasz Lenart edited comment on WW-4601 at 9/14/16 5:59 PM: ------------------------------------------------------------ 2.3.31 wasn't released yet, there are still some outstanding issues that must be resolved first. You can resolved this issue by implementing your own {{StaticContentLoader}} as I mentioned above. was (Author: lukaszlenart): 2.3.31 wasn't released yet, there are still some outstanding issue that must be resolved first. You can resolved this issue by implementing your own {{StaticContentLoader}} as I mentioned above. > webconsole can always be accessed > --------------------------------- > > Key: WW-4601 > URL: https://issues.apache.org/jira/browse/WW-4601 > Project: Struts 2 > Issue Type: Bug > Reporter: Alireza Fattahi > Assignee: Lukasz Lenart > Fix For: 2.3.31, 2.5.3 > > > It is possible that you get the webconsole.html in dev without having debug > in the stack trace > I found that you can access /stuts/webconsole.html to see this html. For > example (thanks jgeppert! ) : > {code} > http://struts.jgeppert.com/struts2-jquery-showcase/struts/webconsole.html > {code} > I wonder if this should be fixed and if this can be used for attackers. -- This message was sent by Atlassian JIRA (v6.3.4#6332)