The Apache Struts group recommends upgrading to Apache Struts version 6.4.0 at least and migrating to the new file upload mechanism [1] to mitigate potential security vulnerability when using deprecated FileUploadInterceptor [2]. [1] https://struts.apache.org/core-developers/action-file-upload [2] https://struts.apache.org/core-developers/file-upload-interceptor
Please read the Security Bulletin S2-067 to find more details about this security vulnerability * https://cwiki.apache.org/confluence/display/WW/S2-067 All developers are strongly advised to perform this upgrade. Should any issues arise with your use of any version of the Struts framework, please post your comments to the user list, and, if appropriate, file a tracking ticket. * https://issues.apache.org/jira/projects/WW/ You can download the latest version from our download page. * https://struts.apache.org/download.cgi#struts-ga Regards Ćukasz --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
