Google's Patch Reward program
Apache Struts 2.5.18 GA
Apache Struts 2.5.18 GA has been released
on 15 October 2018.
Immediately upgrade commons-fileupload to version 1.3.3
The Apache Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of Commons FileUpload library, which is currently 1.3.3. Announcement
Apache Struts 2.3.x EOL
The Apache Struts Team informs about discontinuing support for Struts 2.3.x branch in 6 months, you can expect only support in case of security issues and we recommend migration to the latest version of Struts, read more in Announcement
Immediately upgrade to version 2.5.18 or 2.3.36
The Apache Security Struts Team recommends to immediately upgrade your Struts 2 based projects to use the latest released version of the Apache Struts to prevent possible RCE attack when using results with no namespace, reported in S2-057. Read more in Announcement.