struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Bush <jtb...@mchsi.com>
Subject Re: Question
Date Thu, 15 Nov 2018 00:16:15 GMT
I would think it pertains to Struts 1 applications since the finding is 
for any use of Apache Commons FileUpload before 1.3.3. The latest 
version of Struts 1 used commons-fileupload-1.0.jar. Not many 
applications use the library so you may be able to just remove the jar 
from your application. If you don't find that's possible I have had 
success dropping in newer versions of commons-fileupload to replace the 
older. I haven't attempted it to a Struts 1 application though.

John B

On 11/14/2018 12:41 PM, Eric Reed wrote:
> Struts 2.
>
>
> -----Original Message-----
> From: Deborah White<Deborah.White@doj.ca.gov>
> Sent: Wednesday, November 14, 2018 1:34 PM
> To:user@struts.apache.org
> Subject: Question
>
> Hello, we have some very old internal apps that are still using Struts 1.  Does this
alert apply to Struts 1 or only Struts 2?  It says 2.3.36 or prior so I'm not sure.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
>
> CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential
and/or legally privileged information. It is solely for the use of the intended recipient(s).
Unauthorized interception, review, use or disclosure is prohibited and may violate applicable
laws including the Electronic Communications Privacy Act. If you are not the intended recipient,
please contact the sender and destroy all copies of the communication.
>
>
>
>
> Confidentiality Notice
>
> This email including all attachments is confidential and intended solely for the use
of the individual or entity to which it is addressed. This communication may contain information
that is protected from disclosure under State and/or Federal law. Please notify the sender
immediately if you have received this communication in error and delete this email from your
system. If you are not the intended recipient you are notified that disclosing, copying, distributing
or taking any action in reliance on the contents of this information is strictly prohibited.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:user-unsubscribe@struts.apache.org
> For additional commands, e-mail:user-help@struts.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


Mime
View raw message