lukaszlenart opened a new pull request, #1569: URL: https://github.com/apache/struts/pull/1569
## Summary - Add security warning to `TagUtils.getStack()` that logs when JSP tags are rendered outside of action scope - Warning is triggered when `ActionInvocation` is null or when the action is null (direct JSP access) - Warning message includes link to security documentation Fixes [WW-5294](https://issues.apache.org/jira/browse/WW-5294) ## Changes | File | Change | |------|--------| | `TagUtils.java` | Added ActionInvocation check with warning log | | `TagUtilsTest.java` | New test class with 5 test methods | | `ActionTagTest.java` | Updated mocks to expect `getAction()` call | ## Test plan - [x] `TagUtilsTest` - 5 tests covering all scenarios (null ActionInvocation, null action, valid action, security URL in message) - [x] All 578 tag-related tests pass - [x] No regressions in existing functionality 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
