Hi, It looks like you want to upgrade from Struts 1 to Struts 2 which are two totally different beasts. In such case replacing JARs won't work, you must rewrite the web layer part.
Read these http://struts.apache.org/docs/migration-guide.html#MigrationGuide-Struts1toStruts2 http://stackoverflow.com/questions/7817323/migration-from-struts1-to-struts2 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ 2016-12-21 6:11 GMT+01:00 Muthiraparambil Somasundaram, Jeril < jeril.somasunda...@cba.com.au>: > Hi Lukasz/Team, > > > > We do not use Maven. Do you think replacing struts jar file in the below > location should suffice? > > > > > > > > > > Below is from version 2.3.31 package. Would you be able to advise which of > these jar files needs to be used to replace the current one for an upgrade? > > > > > > > > Thanks, > > Jeril > > +61450204750 <+61%20450%20204%20750> > > > > > > *From:* Lukasz Lenart [mailto:lukaszlen...@apache.org > <lukaszlen...@apache.org>] > *Sent:* Friday, 2 December 2016 7:42 PM > *To:* Davis, Geethu <geethu.da...@cba.com.au> > *Cc:* secur...@struts.apache.org; Muthiraparambil Somasundaram, Jeril < > jeril.somasunda...@cba.com.au>; Kannoly, Arathy <arathy.kann...@cba.com.au > > > *Subject:* Re: Apache Struts Upgrade to version 2.3.31 > > > > Hi, > > > > It all depends how do you manage dependencies, do you use Maven or > manually by putting jars in WEB-INF/lib? In most cases replacing jars > should be enough. And please ask such common questions via Struts Users > Mailing List <user@struts.apache.org> as this list is used to report and > discuss security vulnerabilities. > > > > > > Regards > > -- > > Łukasz > + 48 606 323 122 <606%20323%20122> http://www.lenart.org.pl/ > > > > 2016-12-02 7:01 GMT+01:00 Davis, Geethu <geethu.da...@cba.com.au>: > > Hi team, > > > > Could you please help with this request? > > > > Thanks, > > Geethu > > *Commonwealth* Bank > > [image: ITSMO_Logo] > > *ITSMO, driving an Always Available Bank* > > > > *Geethu Davis* > > *TCS Equities Support* > > IT Service Management and Operations > > Enterprise Services > > P: +91 484 6189534 <+91%20484%20618%209534> > > E geethu.da...@cba.com.au > > > > *Our vision is **to excel at securing and enhancing the financial > wellbeing of people, businesses and communities* > > > > *From:* Davis, Geethu > *Sent:* Wednesday, 30 November 2016 12:40 AM > *To:* 'Johannes Geppert' <jo...@apache.org>; secur...@struts.apache.org > *Cc:* Muthiraparambil Somasundaram, Jeril <jeril.somasunda...@cba.com.au> > *Subject:* RE: Apache Struts Upgrade to version 2.3.31 > > > > Hi Johannes, > > > > Thanks for the link. However, could you please provide step wise > instructions for the installation? > > > > Thanks, > > Geethu > > *Commonwealth* Bank > > [image: ITSMO_Logo] > > *ITSMO, driving an Always Available Bank* > > > > *Geethu Davis* > > *TCS Equities Support* > > IT Service Management and Operations > > Enterprise Services > > P: +91 484 6189534 <+91%20484%20618%209534> > > E geethu.da...@cba.com.au > > > > *Our vision is **to excel at securing and enhancing the financial > wellbeing of people, businesses and communities* > > > > *From:* Johannes Geppert [mailto:jo...@apache.org <jo...@apache.org>] > *Sent:* Tuesday, 15 November 2016 8:04 PM > *To:* secur...@struts.apache.org; Davis, Geethu <geethu.da...@cba.com.au> > *Subject:* Re: Apache Struts Upgrade to version 2.3.31 > > > > Hi Geethu, > > > > Just click on the link "Version Notes" to see the release notes for this > special release. > > > > http://struts.apache.org/docs/version-notes-2331.html > > > > Best Regards > > > > Johannes > > > ################################################# > > web: http://www.jgeppert.com > > twitter: http://twitter.com/jogep > > > > > > 2016-11-15 15:18 GMT+01:00 Davis, Geethu <geethu.da...@cba.com.au>: > > Hi Team, > > > > One of the Windows 2008 R2 servers managed by our team has been found to > have Apache Struts version 2.3.16.3 installed in it. As our security team > has informed that this version has multiple security remote code execution > vulnerabilities, we are planning to upgrade this to version 2.3.31. > > > We have downloaded the zip file from the below page. Could you please > provide us with any release notes/instructions on re-installation so that > we could prepare a runsheet for the same? This is to be handed over to the > server support team. Any assistance is appreciated. > > > > http://struts.apache.org/download.cgi > > [image: cid:image002.jpg@01D24CBD.B50D8DE0] > > > > Thanks, > Geethu > > *Commonwealth* Bank > > [image: ITSMO_Logo] > > *ITSMO, driving an Always Available Bank* > > > > *Geethu Davis* > > *TCS Equities Support* > > IT Service Management and Operations > > Enterprise Services > > P: +91 484 6189534 <+91%20484%20618%209534> > > E geethu.da...@cba.com.au > > > > *Our vision is **to excel at securing and enhancing the financial > wellbeing of people, businesses and communities* > > > > > ************** IMPORTANT MESSAGE ***************************** > This e-mail message is intended only for the addressee(s) and contains > information which may be > confidential. > If you are not the intended recipient please advise the sender by return > email, do not use or > disclose the contents, and delete the message and any attachments from > your system. Unless > specifically indicated, this email does not constitute formal advice or > commitment by the sender > or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its > subsidiaries. > We can be contacted through our web site: commbank.com.au. > If you no longer wish to receive commercial electronic messages from us, > please reply to this > e-mail by typing Unsubscribe in the subject line. > ************************************************************** > > > > > ************** IMPORTANT MESSAGE ***************************** > This e-mail message is intended only for the addressee(s) and contains > information which may be > confidential. > If you are not the intended recipient please advise the sender by return > email, do not use or > disclose the contents, and delete the message and any attachments from > your system. Unless > specifically indicated, this email does not constitute formal advice or > commitment by the sender > or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its > subsidiaries. > We can be contacted through our web site: commbank.com.au. > If you no longer wish to receive commercial electronic messages from us, > please reply to this > e-mail by typing Unsubscribe in the subject line. > ************************************************************** > > > > > ************** IMPORTANT MESSAGE ***************************** > This e-mail message is intended only for the addressee(s) and contains > information which may be > confidential. > If you are not the intended recipient please advise the sender by return > email, do not use or > disclose the contents, and delete the message and any attachments from > your system. Unless > specifically indicated, this email does not constitute formal advice or > commitment by the sender > or the Commonwealth Bank of Australia (ABN 48 123 123 124) or its > subsidiaries. > We can be contacted through our web site: commbank.com.au. > If you no longer wish to receive commercial electronic messages from us, > please reply to this > e-mail by typing Unsubscribe in the subject line. > ************************************************************** > >