[ https://issues.apache.org/jira/browse/WW-4891?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16333303#comment-16333303 ]
Yasser Zamani commented on WW-4891: ----------------------------------- (y)Thanks for your report, [~dleberre]! > Debug tag should not display anything when not in dev mode > ---------------------------------------------------------- > > Key: WW-4891 > URL: https://issues.apache.org/jira/browse/WW-4891 > Project: Struts 2 > Issue Type: Improvement > Components: Core Tags > Affects Versions: 2.5.14 > Reporter: Daniel Le Berre > Priority: Major > Fix For: 2.5.15 > > > I noticed that the debug tag displays the content of the value stack > independently of the value of devMode. > I wonder if it would not be more secure to do not display anything if > devMode=false. > I can imagine a developer forgetting to remove such kind of debug tags before > the app goes to production. Making it silent in production mode would reduce > the risk to display sensitive data. -- This message was sent by Atlassian JIRA (v7.6.3#76005)