Hi Sreekanth, Lukasz beat me!
If you don't want to upgrade you should at least check the security bulletins http://struts.apache.org/release/2.2.x/docs/security-bulletins.html http://struts.apache.org/release/2.3.x/docs/security-bulletins.html see which vulnerabilities affect you and follow the instructions to resolve them. On 16 October 2013 10:48, Sreekanth S. Nair <sreekanth.n...@egovernments.org > wrote: > Hi, > Due to time and other internal constraints, we are unable to upgrade > strust2 to the latest version. So i would like to know if we use old > strust2 distro (in my case : struts2-core-2.1.2), what are the counter > measurement need to taken care? > > Regards >
