[ https://issues.apache.org/jira/browse/STR-3225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16593548#comment-16593548 ]
Lukasz Lenart commented on STR-3225: ------------------------------------ Struts 1 is EOL and we do not perform any tests against this version. In theory this version should not be impacted as it doesn't relay on OGNL. > Want confiramtion CVE: CVE-2018-11776 vulnerability is also impacted > Struts1.x ? > --------------------------------------------------------------------------------- > > Key: STR-3225 > URL: https://issues.apache.org/jira/browse/STR-3225 > Project: Struts 1 > Issue Type: Bug > Components: Core > Affects Versions: 1.3.10 > Environment: Linux + Apache tomcat 9.0.5+ struts 1.3.10 > Reporter: sushil > Priority: Major > Fix For: Pending Review > > > Our Product released stop because Struts is impacted of CVE-2018-11776 .So > we need confirmation is also impacted struts 1.3.10 if so do we have any > workaround for same. -- This message was sent by Atlassian JIRA (v7.6.3#76005)