Re: Security Vulnerability for Struts 1.3.10 in Struts 2.x

It's only "present" if you're using the Struts 1 plugin. Are you? On Thu, Apr 28, 2016 at 6:34 PM, Anu Krishna Rajamohan wrote: > Hi, > > As Apache Struts 1.x is pretty old and it suffers from many security > vulnerabilities, I decided to use a recent version of Apache Struts 2.x > (Struts 2.3

Security Vulnerability for Struts 1.3.10 in Struts 2.x

Hi, As Apache Struts 1.x is pretty old and it suffers from many security vulnerabilities, I decided to use a recent version of Apache Struts 2.x (Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present in struts 2.x. Can you please let me know if the presence of this jar makes Str