Thanks for the reply. I am doing some research on the struts_1 framework and more specifically CVE-2016-1182. I totally get what you are saying, but I am trying to form a paper-trail to the vulnerability (CVE-2016-1182) for my Masters research.
I just need link document where Apache recognize the issue. I believe it was never fixed..so just the acknowledgement, something more concrete that this >> https://www.securityfocus.com/bid/91067
If you are familiar and can help me, i would greatly appreciate it