Greg,
On 10/20/23 11:52, Greg Huber wrote:
> Remember seeing this, a maintained version of Struts 1. Might be worth a
> look.
>
> https://github.com/weblegacy/struts1

This is interesting. I knew about this one:

https://github.com/kawasima/struts1-forever

But the weblegacy folks look *serious* about this: they even have a
Jakarta EE-compatible release.

-chris

> On Thu, 19 Oct 2023 at 17:45, Alan F <shiva...@hotmail.com> wrote:
>> I am looking at security steps to mitigate issues with a 1.x Struts based
>> app.
>>
>> I have recommended the following until an upgrade resource is available:
>> - Remove application from current shared datasource
>> - Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating)
>> - Reduce exposure to internal audience.
>> - Create new db and instance for above isolated datasource
>>
>> Would you take it further and ensure this runs on its own separate Tomcat
>> instance?
>>
>> Any other recommendations?