I am looking at security steps to mitigate issues with a 1.x Struts based app.
I have recommended the following until an upgrade resource is available Remove application from current shared datasource Remediate high risk CVE scored vulnerabilities (x4 with high EPSS rating) Reduce exposure to internal audience. Create new db and instance for above isolated datasource Would you take it further and ensure this runs on it's own separate Tomcat instance? Any other recommendations?
