Last week, The Apache Software Foundation released version 2.3.16.2 of Apache Struts, the open-source framework for creating Java web applications, to address a zero-day vulnerability. The issue should have been patched since early March.
In March, the Apache Struts group announced Struts 2.3.16.1, which fixed a couple of security issues: ClassLoader manipulation via request parameters, and an update to the Commons FileUpload library to prevent denial-of-service (DOS) attacks.
It turns out …
Comments are closed.
