[jira] [Resolved] (WW-4891) Debug tag should not display anything when not in dev mode

Yasser Zamani (JIRA) Sat, 20 Jan 2018 06:38:19 -0800

     [ 
https://issues.apache.org/jira/browse/WW-4891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Yasser Zamani resolved WW-4891.
-------------------------------
    Resolution: Fixed

PR got merged, thanks [~Hedju Hor]!

> Debug tag should not display anything when not in dev mode
> ----------------------------------------------------------
>
>                 Key: WW-4891
>                 URL: https://issues.apache.org/jira/browse/WW-4891
>             Project: Struts 2
>          Issue Type: Improvement
>          Components: Core Tags
>    Affects Versions: 2.5.14
>            Reporter: Daniel Le Berre
>            Priority: Major
>             Fix For: 2.5.15
>
>
> I noticed that the debug tag displays the content of the value stack 
> independently of the value of devMode.
> I wonder if it would not be more secure to do not display anything if 
> devMode=false.
> I can imagine a developer forgetting to remove such kind of debug tags before 
> the app goes to production. Making it silent in production mode would reduce 
> the risk to display sensitive data.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (WW-4891) Debug tag should not display anything when not in dev mode

Reply via email to