Apache Struts security update disables vulnerable feature