Struts2 Development Mode Enabled
Description
This Apache Struts 2 web application is currently running with Development Mode (devMode) enabled. Development Mode is a configuration setting designed to assist developers during application development by providing enhanced logging, debugging information, and detailed error messages. While useful during development, this mode should never be enabled in production environments as it exposes internal application details, configuration information, and potentially sensitive data that could be leveraged by attackers.
Remediation
Disable Development Mode immediately by modifying the Struts 2 configuration. This can be accomplished in one of two ways:
Option 1: Edit the struts.xml configuration file and add or modify the following constant declaration:
<struts>
    <constant name="struts.devMode" value="false" />
</struts>
Option 2: Edit the default.properties or struts.properties file and set:
struts.devMode=false
After making this change, restart the application server to ensure the configuration takes effect. Verify that Development Mode is disabled by checking that detailed error messages and debugging information are no longer displayed to end users.
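As a complement to the manual check, the following added example (not part of the original advisory or of Struts itself) scans an unpacked web application for every XML and properties file that sets struts.devMode, so a leftover setting in one file is not missed after the other has been corrected. The function names and the sample directory layout are assumptions made for illustration, and the sample files are constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

PROP_RE = re.compile(r"^\s*struts\.devMode\s*[=:]\s*(\S*)")

def devmode_in_xml(path):
    """Value of the last <constant name="struts.devMode"> in the file, or None."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None  # not well-formed XML; nothing to report
    values = [c.get("value", "").strip() for c in root.iter("constant")
              if c.get("name") == "struts.devMode"]
    return values[-1] if values else None

def devmode_in_properties(path):
    """Value of the last uncommented struts.devMode line, or None."""
    value = None
    for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = PROP_RE.match(line)
        if m:
            value = m.group(1)
    return value

READERS = {".xml": devmode_in_xml, ".properties": devmode_in_properties}

def audit(root):
    """Return (relative path, value) for every file under root that sets struts.devMode."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        reader = READERS.get(path.suffix)
        value = reader(path) if reader and path.is_file() else None
        if value is not None:
            findings.append((path.relative_to(root).as_posix(), value))
    return findings

def demo():
    """Audit a constructed WEB-INF/classes tree (sample data, not from a real app)."""
    with tempfile.TemporaryDirectory() as root:
        cls = Path(root, "WEB-INF", "classes")
        cls.mkdir(parents=True)
        (cls / "struts.xml").write_text(
            '<struts><constant name="struts.devMode" value="false"/></struts>')
        (cls / "struts.properties").write_text(
            "# struts.devMode=false\nstruts.devMode = true\n")
        return [f for f in audit(root) if f[1].lower() == "true"]

if __name__ == "__main__":
    print(demo())
```

Any entry returned by demo() is a file that still enables Development Mode; in the constructed tree struts.xml has been fixed but struts.properties has not.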