I would think it pertains to Struts 1 applications since the finding is
for any use of Apache Commons FileUpload before 1.3.3. The latest
version of Struts 1 used commons-fileupload-1.0.jar. Not many
applications use the library so you may be able to just remove the jar
from your application. I
śr., 14 lis 2018 o 19:34 Deborah White napisał(a):
>
> Hello, we have some very old internal apps that are still using Struts 1.
> Does this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or prior
> so I'm not sure.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-131
The Apache Struts Project Team would like to inform you that the
Struts 2.3.x web framework will reach its end of life in 6 months and
won’t be longer officially supported.
https://struts.apache.org/announce#a20181114
This announcement takes place on 2018-11-14 and starting from that
date we will
Struts 2.
-Original Message-
From: Deborah White
Sent: Wednesday, November 14, 2018 1:34 PM
To: user@struts.apache.org
Subject: Question
Hello, we have some very old internal apps that are still using Struts 1. Does
this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or pri
Hello, we have some very old internal apps that are still using Struts 1. Does
this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or prior so I'm
not sure.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-131
CONFIDENTIALITY NOTICE: This communication with its contents m
5 matches
Mail list logo
