Hello Struts users community, Looking into this URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050, it states a security vulnerability for Apache Commons FileUpload before 1.3.1.
I'm using Struts v1.3 which bundles commons-fileupload-1.1.1.jar and the question I have is whether I can safely replace v1.1.1 by commons-fileupload-1.3.1.jar, the one that's bundled in the latest Struts version (2.3.16.2). The idea is to remediate the security issue but also, keeping functionality across the Struts v1.3. Any help / advice would be really appreciated. Thanks.
