Hi Santhi,
I am not a member of the Struts team, but I don't think anyone on this mailing
list will be able to provide you with assistance with maintaining a Struts 1.1
project.
Struts 1.1 was released in 2005, almost 20 years ago, and the entire Struts 1.x
line has been end of life for over 10 years by now. There are over a dozen
known vulnerabilities in Struts 1.1 and the associated dependencies, and you
should not be using it anymore, not even for internal applications. The Apache
foundation no longer maintains the project and has since moved on to maintain
more recent versions of Struts, like 6.X and the upcoming Struts 7.
If you ABSOLUTELY need to keep using Struts 1x., which again I strongly urge
you to reconsider, but want to upgrade other jars, the only safe way to do so
is for you to fork the project and maintain your own branch. This would most
likely be significantly more challenging and time consuming than finding and
fixing the other compatibility issues in your project that prevent you from
upgrading to Struts 6.4 or another Struts version that still supported.
Again, I VERY strongly urge you to migrate your project to a more supported
framework than Struts 1.1. Struts 1.1 predates Chrome, Java SE, Tomcat 6,
Windows Vista, TLS 1.1 and hundreds of other internet-related components that
have since been superseded, EOLed or broken beyond repair. Using a framework
that old is downright irresponsible, akin to a modern doctor not washing his
hands or one telling his patients that smoking is harmless. You're risking the
devices of all your users and all of their data.
Regards,
Nate
-----Original Message-----
From: Santhi Kumaran <santhikumaran1...@gmail.com>
Sent: Thursday, 4 July 2024 08:52
To: user@struts.apache.org
Subject: struts
Team
I am upgrading the apache jars. Due to compatibility issues in my
project, I am unable to upgrade struts1 to struts2 but need to upgrade other
jars. I would require the following information.
1. Is struts.jar (version 1.1) dependent on commons-lang.jar?
2. If yes, can i use commons-lang3:jar:3.14.0 with struts 1.1 instead of using
commons-lang.jar?
3. Is struts 1.1 dependent on commons-digester? If yes, which is the highest
version of commons-digester, struts1.1 is compatible with?
4. The highest version of commons-digester 2.1 has vulnerability in the compile
dependencies. Can i use commons-digester3 with struts1.1? If yes, what is the
highest compatible version?
5. Is struts 1.1 dependent on commons-validator? If yes, which is the highest
version of commons-validator, struts1.1 is compatible with?
Thanks
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
