Daniel Le Berre created WW-4891:
-----------------------------------

Summary: Debug tag should not display anything when not in dev mode
Key: WW-4891
URL: https://issues.apache.org/jira/browse/WW-4891
Project: Struts 2
Issue Type: Improvement
Components: Core Tags
Affects Versions: 2.5.14
Reporter: Daniel Le Berre

I noticed that the debug tag displays the content of the value stack independently of the value of devMode. I wonder if it would not be more secure to not display anything if devMode=true. I can imagine a developer forgetting to remove this kind of debug tag before the app goes to production. Making it silent in production mode would reduce the risk of displaying sensitive data.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
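
A pre-release check for the situation the report describes, added here as an example (it is not code from the issue or from Struts): it finds debug tags left in a JSP and reads `struts.devMode` from `struts.xml`. The function names and sample inputs are constructed; it assumes the standard Struts taglib URI `/struts-tags` and the `struts.devMode` constant.

```python
import re
import xml.etree.ElementTree as ET

STRUTS_TAGLIB_URI = "/struts-tags"  # assumption: standard Struts 2 taglib URI
TAGLIB_RE = re.compile(r"<%@\s*taglib\b([^%]*)%>", re.I | re.S)
ATTR_RE = re.compile(r"(\w+)\s*=\s*[\"']([^\"']*)[\"']")
JSP_COMMENT_RE = re.compile(r"<%--.*?--%>", re.S)

def struts_prefixes(jsp_text):
    """Prefixes bound to the Struts taglib in this JSP (usually just 's')."""
    prefixes = set()
    for m in TAGLIB_RE.finditer(jsp_text):
        attrs = dict(ATTR_RE.findall(m.group(1)))
        if attrs.get("uri") == STRUTS_TAGLIB_URI and "prefix" in attrs:
            prefixes.add(attrs["prefix"])
    return prefixes

def find_debug_tags(jsp_text):
    """Return (line_number, line) for every debug tag the container would run."""
    # Only JSP comments stop a tag from executing; blank them out but keep
    # newlines so line numbers hold. HTML comments do NOT disable the tag.
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    text = JSP_COMMENT_RE.sub(blank, jsp_text)
    hits = []
    for prefix in struts_prefixes(text):
        tag = re.compile(r"<%s:debug\b" % re.escape(prefix))
        for no, line in enumerate(text.splitlines(), 1):
            if tag.search(line):
                hits.append((no, line.strip()))
    return sorted(hits)

def dev_mode_enabled(struts_xml):
    """True if struts.xml sets the struts.devMode constant to true."""
    for c in ET.fromstring(struts_xml).iter("constant"):
        if c.get("name") == "struts.devMode":
            return c.get("value", "").strip().lower() == "true"
    return False  # constant absent: Struts defaults devMode to false

# Constructed sample inputs, not taken from any real application.
SAMPLE_JSP = """<%@ taglib prefix="s" uri="/struts-tags" %>
<html><body>
<s:property value="user.name"/>
<%-- <s:debug/> --%>
<!-- <s:debug/> -->
<s:debug />
</body></html>
"""
SAMPLE_STRUTS_XML = '<struts><constant name="struts.devMode" value="true"/></struts>'
```

On the sample, the tag inside the JSP comment is ignored, while the one inside the HTML comment is reported because the container still evaluates it.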