Google's Patch Reward program
Apache Struts 2.5.18 GA
Apache Struts 2.5.18 GA has been released
on 15 October 2018.
Immediately upgrade commons-fileupload to version 1.3.3
The Apache Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.3. Announcement
Apache Struts Extras GA
The Struts Extras secure Multipart plugins General Availability - versions 1.1, use them to secure your application against critical security vulnerability reported in S2-045, S2-046, read more in Announcement or in README
Immediately upgrade to version 2.5.18 or 2.3.36
The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of the Apache Struts to prevent possible RCE attack when using results with no namespace, reported in S2-057. Read more in Announcement.