[ https://issues.apache.org/jira/browse/VELTOOLS-163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sergiu Dumitriu closed VELTOOLS-163. ------------------------------------ Resolution: Duplicate Fix Version/s: (was: 3.0) > Apache Struts Vulnerabilities - Velocity Tool (2.0) > --------------------------------------------------- > > Key: VELTOOLS-163 > URL: https://issues.apache.org/jira/browse/VELTOOLS-163 > Project: Velocity Tools > Issue Type: Bug > Components: VelocityStruts > Reporter: Pankaj Singh > Assignee: Claude Brisson > Priority: Critical > > Velocity Tools version 2.0 uses struts 1.3.8 which has associated > vulnerabilities: > Struts 1 > • CVE-2014-0114 – > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114 > Strut 2 > • CVE-2014-0113 – > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0113 > • CVE-2014-0112 - > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112 > • CVE-2014-0094 - > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094 > The desired remediation goal for all affected applications is to update the > respective Apache Struts component to version 2.3.16.3. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@velocity.apache.org For additional commands, e-mail: dev-h...@velocity.apache.org