Hello, we have some very old internal apps that are still using Struts 1. Does
this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or prior so I'm
not sure.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-131
CONFIDENTIALITY NOTICE: This communication with its contents m
Struts 2.
-Original Message-
From: Deborah White
Sent: Wednesday, November 14, 2018 1:34 PM
To: user@struts.apache.org
Subject: Question
Hello, we have some very old internal apps that are still using Struts 1. Does
this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or pri
The Apache Struts Project Team would like to inform you that the
Struts 2.3.x web framework will reach its end of life in 6 months and
won’t be longer officially supported.
https://struts.apache.org/announce#a20181114
This announcement takes place on 2018-11-14 and starting from that
date we will
śr., 14 lis 2018 o 19:34 Deborah White napisał(a):
>
> Hello, we have some very old internal apps that are still using Struts 1.
> Does this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or prior
> so I'm not sure.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-131
I would think it pertains to Struts 1 applications since the finding is
for any use of Apache Commons FileUpload before 1.3.3. The latest
version of Struts 1 used commons-fileupload-1.0.jar. Not many
applications use the library so you may be able to just remove the jar
from your application. I
5 matches
Mail list logo