There is a security vulnerability report, CVE-2012-1007, that was released on 02/07/2012 for Struts v1.3.10. There doesn't appear to be a response or available patch from the Apache Struts organization on this issue.
Since v1.3.10 general availability date of 04 December 2008, there has not been any notable activity for this release. Is Struts v1.3.10 actively assessed for security vulnerabilities and security fixes? Thanks in advance, Garry
