- Issue: addition of a 'org.apache.struts.taglib.html.Constants.CANCEL'
parameter to any request will cause validation to be skipped, but the rest of
the request processing / action invocation cycle to proceed normally
- Consequence: any action which proceeds assuming that validation has completed
successfully and which doesn't explicitly check isCanceled() is proceeding on a
The discussion of this issue began in the struts-user list:
The thread continued in struts-dev list:
Most people have agreed that this is a security-related issue.