In cases where the Struts community is notified or discovers a security vulnerability in a supported version, does the evaluation process include identifying unsupported versions that may be impacted as well? I realize the recommendation will likely be to upgrade to a supported version but I just wanted to confirm that even EOL versions are taken into account when identifying potential impacts.
Thanks!