diff --git a/java/ql/lib/semmle/code/java/frameworks/struts/Struts2Serializability.qll b/java/ql/lib/semmle/code/java/frameworks/struts/Struts2Serializability.qll
index 8768b61cec2..cb8b876be7a 100644
--- a/java/ql/lib/semmle/code/java/frameworks/struts/Struts2Serializability.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/struts/Struts2Serializability.qll
@@ -36,7 +36,12 @@ private class Struts2ActionField extends DeserializableField {
     exists(Struts2DeserializableType superType |
       superType = this.getDeclaringType().getAnAncestor() and
       not superType instanceof TypeObject and
-      superType.fromSource()
+      superType.fromSource() and
+      (
+        this.isPublic()
+        or
+        exists(SetterMethod setter | setter.getField() = this and setter.isPublic())
+      )
     )
   }
 }
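Review bot: The new `this.isPublic() or exists(SetterMethod setter | ...)` disjunction narrows which fields count as request-populated, but nothing in the hunk records why, so the next reader cannot tell whether the narrowing is a precision fix or an accidental loss of coverage; a one-line QLDoc above the disjunction would settle it, e.g. `// Only fields Struts can populate from request parameters: public fields, or fields assigned by a public setter.` Note that `SetterMethod.getField() = this` appears to match only setters that assign the field directly, so a public setter that transforms or delegates before storing would presumably leave the field unmodelled — worth confirming this is the intended trade-off and, if so, stating it in the same comment. The predicate whose body this hunk edits begins outside the hunk, as does the `Struts2ActionField` class header.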