Hello Struts users community,

Looking into this URL 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050, it states a 
security vulnerability for Apache Commons FileUpload before 1.3.1.

I'm using Struts v1.3 which bundles commons-fileupload-1.1.1.jar and the 
question I have is whether I can safely replace v1.1.1 by 
commons-fileupload-1.3.1.jar, the one that's bundled in the latest Struts 
version (2.3.16.2). The idea is to remediate the security issue but also, 
keeping functionality across the Struts v1.3.

Any help / advice would be really appreciated.

Thanks.

Reply via email to