Struts 2 Cybersecurity Flaw Affects All Versions

  Veracode Reports New Apache Struts 2 Security Problem From Veracode: “On Aug. 22 [2018], the Apache Software Foundation announced that a new critical remote code execution vulnerability was found in Apache Struts 2 (CVE-2018-11776). According to the Semmle Security Research Team, who first identified and reported the vulnerability, this flaw is ‘more critical’ than the Struts vulnerability behind the massive data breach...

Read More

Struts 2 Does Not Solve the Security Problem – Moving to Spring Does

Struts 1 is End of Life Apache has made it clear that if you are using Struts 1, you need to move. The question was asked, “Given a major security problem or a serious bug is reported for Struts 1 in [the] near future, can we expect a new release with fixes?” Apache’s answer:
“As of now, actually no – that is what the EOL announcement essentially is about. Since the end of support is reached, you will either need to find...

Read More

Migrating Struts to Spring

  What’s Wrong With Struts? If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose sensitive personal information was exposed in a data breach at Equifax, one of the nation’s three major credit reporting agencies. Here are the facts, according to Equifax. The breach lasted from mid-May through July. The hackers accessed people’s names, Social Security numbers, birth...

Read More