Apache Struts is a free, open-source, MVC framework for creating elegant,
modern Java web applications. It favors convention over configuration, is
extensible using a plugin architecture, and ships with plugins to support
REST, AJAX and JSON.
Apache Struts 2.5.26 GA
Apache Struts 2.5.26 GA has been released
on 06 December 2020.
Read more in
Security Advice S2-061 released
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
Read more in
Google's Patch Reward program
SFHTML5 Google announced that
they extend their program to cover the Apache Struts project as well. Now you can earn
money preparing patches for us!
Apache Struts 2.3.x EOL
The Apache Struts Team informs about discontinuing support for Struts 2.3.x branch, we recommend migration
to the latest version of Struts, read more in
Apache Struts 2.3.37 GA
It's the latest release of Struts 2.3.x which contains the latest security fixes,
released on 30 December 2018.
Read more in Announcement or in
Immediately upgrade commons-fileupload to version 1.3.3
The Apache Struts Team recommends to immediately upgrade your Struts 2
based projects to use the latest released version of Commons
FileUpload library, which is currently 1.3.3.
Apache Struts, Struts, Apache, the Apache feather logo, and the Apache Struts project logos are
trademarks of The Apache Software Foundation.