struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Nenning <>
Subject Re: Security Vulnerability for Struts 1.3.10 in Struts 2.x
Date Tue, 03 May 2016 08:43:45 GMT
> Hi,
> As Apache Struts 1.x is pretty old and it suffers from many security
> vulnerabilities, I decided to use a recent version of Apache Struts 2.x
> (Struts However, I find that struts-core-1.3.10 jar is 
> in struts 2.x. Can you please let me know if the presence of this jar 
> Struts 2.x vulnerable to security issues such as CVE-2012-1007
> <>.
> Thanks and Best Regards,
> Anu

Do you use maven or some other tool to manage dependencies?
Or did you download one of the zip files?

Struts2 has many plugins which have their own dependencies. The zip files 
contain that all. But for most apps it is not necessary. It is highly 
recommended to use dependency management to make sure you really get just 
those jars that you need.


This Email was scanned by Sophos Anti Virus

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message