  1. Struts 2
  2. WW-5151

Bump to 2.15.0 to fix log4j vulnerability

Details

    • Type: Dependency
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27
    • Fix Version/s: 2.6
    • Component/s: Core Actions, Other
    • Labels: None
    • Environment: Any version that uses log4j before 2.15.0

    Description

      Hello,

      It seems Apache Struts is affected by the log4j vulnerability. I've shared my findings with the security team privately, where you could review the vulnerable code paths.

      GitHub PR: https://github.com/apache/struts/pull/511

            People

              Assignee: Unassigned
              Reporter: Paulino Calderon (calderpwn)
              Votes: 1
              Watchers: 4

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 40m