struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vivek verma <>
Subject Security vulnerabilities on using strut2-struts1-plugin-
Date Fri, 06 May 2016 07:43:49 GMT
Our project is developed on Struts 1.1 and has been running without any issues for the past
several years. Due to EOL anouncement for struts 1.x we are planning to move to Struts 2. As
per the migration strategies stated, we are planning to use struts2-struts1-plugin-
in our system and for any new development we are planning to use Struts 2 framework.
With regard to this, we have the following queries:-1)If we are using this plugin would security
vulnerabilities reported on struts 1.x, struts 2.x get mitigated since we would be using struts
2.3.28 to handle the incoming request first and delegating to struts-1.3.10 classes internally.
2)If above is not so, any recommendations on when to use this plugin.

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message