UIBean.evaluateParams() grabs the nonce out of the session without first checking that it exists, causing an IllegalStateException to be thrown if the session has been invalidated. This breaks our use case where we invalidate a session, but still want to use ActionError to convey information to the user. It doesn't appear that this change relates to removing double evaluations, so I would consider this a regression.
This was introduced when refactoring to fix double evaluations:
The previous previous revision first checks that the key exists before attempting to pull it out: