Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP

The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework. A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5. …

  1. Anonymous Coward

    No worries, we'll get everything patched within six months.

  2. Anonymous Coward

    Bad reputation?

    The Apache Foundation needs to kick this project to the curb or at least remove the "Apache" part of the name. It just hurts their reputation.

    1. Anonymous Coward

      Re: Bad reputation?

      Easier said than done: projects within Apache have a high degree of autonomy. The only place a project gets booted is into the attic, and that's when the world (more specifically, the development community) has lost interest.

      The point in the article that calls for clarification and tough questions is why and to what extent there is no easy drop-in patch path for sysops using Struts. I think we should ask the team to review how that can be addressed to ensure easy fixes for future issues.

  3. Anonymous Coward

    My interpretation of the notice was that the problem is in the Apache Commons FileUpload library. The Struts update is to bundle the latest version of FileUpload.

  4. JCitizen


    The second I saw the word "struts" the Equifax breach came immediately to mind!


Biting the hand that feeds IT © 1998–2019