[
https://issues.apache.org/jira/browse/WW-4945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17257457#comment-17257457
]
Lukasz Lenart commented on WW-4945:
-----------------------------------
Some tags depend on such logic, I added a {{LOG#warn}} for now to determine the
impact on the users.
> TagUtils#buildNamespace should throw an exception when invocation is null
> -------------------------------------------------------------------------
>
> Key: WW-4945
> URL: https://issues.apache.org/jira/browse/WW-4945
> Project: Struts 2
> Issue Type: Bug
> Components: Core Tags
> Reporter: Lukasz Lenart
> Priority: Major
> Fix For: 2.6
>
>
> Right now {{TagUtils#buildNamespace}} will try to determine a namespace using
> {{Request}} in case where there is no action invocation available. This means
> a tag was used out of the action flow and JSP was exposed directly. This is
> against our recommendation and exception should be thrown instead.
> http://struts.apache.org/security/#never-expose-jsp-files-directly
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
