[
https://issues.apache.org/jira/browse/WW-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16191163#comment-16191163
]
Lukasz Lenart commented on WW-4867:
-----------------------------------
Please post such questions to [the User Mailing
List|http://struts.apache.org/mail.html], you can also read the below
announcements and the linked Security Bulletins
http://struts.apache.org/announce.html#a20170307
http://struts.apache.org/announce.html#a20170307-2
> Apache Struts framework 1.1 and 2.x vulnerability clarification
> ---------------------------------------------------------------
>
> Key: WW-4867
> URL: https://issues.apache.org/jira/browse/WW-4867
> Project: Struts 2
> Issue Type: Temp
> Environment: apache Struts framework 1.1
> Reporter: Parthiban Palanisamy
> Priority: Trivial
> Labels: clarification, documentation, migration, security
>
> Hello,
> I'm the active user of apache Struts framework 1.1 and 2.x. Recently we
> learned that there is a vulnerability in Apache Struts' Jakarta Multipart
> parser as high risk. This may lead to warning of remote code execution (RCE)
> attacks that were evident at Equifax which lead to complete system
> compromises. So I would like to take your inputs and understand the recent
> vulnerability over RCE is also affected 1.1/1.x versions precisely.
> If yes, could you please support with your thoughts over next course of
> action to resolve the issue?
> Thanks and appreciate your support at the earliest.
> Regards,
> Parthiban
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
