Re: Which Struts Version to implement (with Patch for Equifax)

2017-09-20 Thread Lukasz Lenart
Just to clarify one thing: this was not a zero-day vulnerability [1] but it sounds better for journalists :\

[1] https://en.wikipedia.org/wiki/Zero-day_(computing)

Regards
--
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/

2017-09-20 13:56 GMT+02:00 Martin Gainty :
>

Re: Which Struts Version to implement (with Patch for Equifax)

2017-09-20 Thread Martin Gainty
David: the recommended hardened version for the financial services industry is Struts 2.5.10.1. Here is why: "If you are using Jakarta-based file upload Multipart parser, upgrade to Apache Struts version 2.3.32 or 2.5.10.1," Apache says in a March 6 security alert. "You can also switch to a