I would think it pertains to Struts 1 applications, since the finding is
for any use of Apache Commons FileUpload before 1.3.3. The latest
version of Struts 1 used commons-fileupload-1.0.jar. Not many
applications use the library, so you may be able to just remove the jar
from your application. If you don't find that's possible, I have had
success dropping in newer versions of commons-fileupload to replace the
older. I haven't attempted it on a Struts 1 application, though.
John B
On 11/14/2018 12:41 PM, Eric Reed wrote:
Struts 2.
-----Original Message-----
From: Deborah White <deborah.wh...@doj.ca.gov>
Sent: Wednesday, November 14, 2018 1:34 PM
To: user@struts.apache.org
Subject: Question
Hello, we have some very old internal apps that are still using Struts 1. Does
this alert apply to Struts 1 or only Struts 2? It says 2.3.36 or prior so I'm
not sure.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
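An added example, not part of the thread or of any Apache project's code: a Python inventory check for the condition described in the reply above. It lists commons-fileupload jars in a deployment tree, loose or bundled inside WAR/EAR files, and flags versions before 1.3.3. The function names and the `legacy.war` sample are constructed for illustration.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

FIXED = (1, 3, 3)  # threshold from the thread: FileUpload before 1.3.3 is flagged
JAR_RE = re.compile(r"commons-fileupload-(\d+(?:\.\d+)*)[^/]*\.jar$")

def check_name(name, where):
    """Return (where, version, needs_upgrade) for a FileUpload jar, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    return (where, m.group(1), version < FIXED)  # (1, 0) < (1, 3, 3) is True

def scan_archive(data, where):
    """Search WAR/EAR bytes for bundled jars, recursing into nested archives."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            hit = check_name(entry, f"{where}!/{entry}")
            if hit:
                yield hit
            elif entry.endswith((".war", ".ear")):
                yield from scan_archive(zf.read(entry), f"{where}!/{entry}")

def scan_tree(root):
    """Walk a deployment directory: loose jars plus jars packed in WAR/EAR files."""
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hit = check_name(path.name, str(path))
        if hit:
            yield hit
        elif path.suffix in (".war", ".ear"):
            yield from scan_archive(path.read_bytes(), str(path))

def build_sample(root):
    """Constructed sample: a loose 1.3.3 jar and a WAR bundling the 1.0 jar."""
    Path(root, "commons-fileupload-1.3.3.jar").write_bytes(b"")
    with zipfile.ZipFile(Path(root, "legacy.war"), "w") as war:
        war.writestr("WEB-INF/lib/commons-fileupload-1.0.jar", b"")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for where, version, bad in scan_tree(tmp):
            print(f"{'UPGRADE' if bad else 'ok':8} {version:8} {where}")
```

The check reads the version from the jar's file name only, so a jar renamed without its version will not be reported.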