czw., 25 wrz 2025 o 09:59 Rahul Kumar <[email protected]> napisaĆ(a):
> Hi all, > Hi, you must subscribe to the mailing list to get notifications > I noticed that struts2-core 7.0.3 still ships with some dependencies that > contain known vulnerabilities. From what I can see, the upstream projects > have already addressed these CVEs in their latest releases. > > Are there plans to update these dependencies in an upcoming Struts > release? If helpful, I can share the specific dependencies and CVEs I found. > Dependabot is taking care of that, here is a list of updates in incoming 7.1.0 version https://github.com/apache/struts/releases/tag/STRUTS_7_1_0 [image: image.png] > Images are not allowed Cheers Lukasz
