No worries, we'll get everything patched within six months.
Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework. A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5. …
COMMENTS
Wednesday 7th November 2018 06:15 GMT Anonymous Coward
Re: Bad reputation?
Easier said than done: projects within Apache have a high degree of autonomy. The only place a project gets booted is into the attic, and that's when the world (more specifically, the development community) has lost interest.
The point in the article that calls for clarification and tough questions is why and to what extent there is no easy drop-in patch path for sysops using Struts. I think we should ask the team to review how that can be addressed to ensure easy fixes for future issues.