Re: Security Vulnerability for Struts 1.3.10 in Struts 2.x

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Anu, On 4/28/16 6:34 PM, Anu Krishna Rajamohan wrote: > As Apache Struts 1.x is pretty old and it suffers from many > security vulnerabilities, I decided to use a recent version of > Apache Struts 2.x (Struts 2.3.24.1). However, I find that > struts

Re: Security Vulnerability for Struts 1.3.10 in Struts 2.x

> Hi, > > As Apache Struts 1.x is pretty old and it suffers from many security > vulnerabilities, I decided to use a recent version of Apache Struts 2.x > (Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present > in struts 2.x. Can you please let me know if the presence of this

Re: Security Vulnerability for Struts 1.3.10 in Struts 2.x

It's only "present" if you're using the Struts 1 plugin. Are you? On Thu, Apr 28, 2016 at 6:34 PM, Anu Krishna Rajamohan wrote: > Hi, > > As Apache Struts 1.x is pretty old and it suffers from many security > vulnerabilities, I decided to use a recent version of Apache Struts 2.x > (Struts 2.3

Security Vulnerability for Struts 1.3.10 in Struts 2.x

Hi, As Apache Struts 1.x is pretty old and it suffers from many security vulnerabilities, I decided to use a recent version of Apache Struts 2.x (Struts 2.3.24.1). However, I find that struts-core-1.3.10 jar is present in struts 2.x. Can you please let me know if the presence of this jar makes Str