Apache's latest SNAFU – Struts normal, all fscked up: Web app framework needs urgent patching

Another critical security hole has been found in Apache Struts 2, requiring an immediate update. The vulnerability – CVE-2018-11776 – affects core code and allows miscreants to pull off remote code execution against vulnerable servers and websites. It affects all versions of Struts 2, the popular open-source framework for Java …

  1. Anonymous Coward

    Apache

    Honestly, in late 99 or so, the Apache Foundation was in its prime and was the place to go for high quality software.

    Today? It's become such a dumping ground of toxic sludge that I'm surprised it's not considered an EPA Superfund Site.

    If you're running any Apache code in production, you probably should be working in a different industry.

    1. Destroy All Monsters Silver badge

      Re: Apache

      You are Donald Trump and I claim my 2 pounds.

    2. Anonymous Coward

      Re: Apache

      Your comment suggests you shouldn't be involved in making software architectural decisions.

      So a bug was found in an Apache product. Bugs are found in all software. Patch it and move on.

  2. Nolveys Silver badge

    Struts?

    What's this Struts malarkey about?

    Java

    Oh, that's your problem right there.

    1. Destroy All Monsters Silver badge
      Facepalm

      Re: Struts?

      Another NPM aficionado. Move along now.

      > 2018

      > Apparently never heard of Struts

      Do you even high school?

      1. Nolveys Silver badge
        Windows

        Re: Struts?

        Apparently never heard of Struts

        I'd heard of it, just didn't remember anything about it. I might have taken a look at the Wikipedia page at some point long enough to see "Java" and then close the tab as my brain made an audible flushing noise.

    2. bombastic bob Silver badge
      Devil

      Re: Struts?

      yeah I had to go look it up. checked out a tutorial. wasn't impressed. seems to have a lot of cruft in it. PHP would be easier (and probably faster to code) for the 'hello world' example.

      Sorta reminds me of why I don't like C-pound. Or various HTML authoring tools.

      /me goes back to hand-coding all HTML with a decent editor like 'pluma', without using _ANY_ Javascript. And just make the PHP backend do the work as needed.

      1. Pascal Monett Silver badge
        Joke

        Pluma ? Are you kidding ?

        Notepad++ FTW.

        Start the flame wars.

  3. Korev Silver badge
    Coffee/keyboard

    Get your equifax right

    Paging Equifax: Time to update again, fellas

    This -->


Biting the hand that feeds IT © 1998–2019