Can you kindly provide clarity as to the exact status of the 2.3 series in terms of ongoing support and security status.
On the Struts web page https://struts.apache.org/
I found the statement:
"It's the latest release of Struts 2.3.x which contains the latest security fixes, read more in Announcement or in Version notes"
Yet, on the page at https://struts.apache.org/releases.html it is stated that :
As a courtesy, we retain archival copies of the website for releases that initially were considered "General Availability" but which has been reclassified as "Not recommended" since they contain security issues
And version 2.3.34 is listed here.
Lastly - I find no EOL announcement for 2.3.x
So in summary the question is:
1 Is the 2.3 series EOL?
2 Does 2.3.34 contain any known security bugs?
Thanking you in advance