Update struts2-core jar in Bamboo to satisfy scanners for CVE-2023-50164

XMLWordPrintable

      Description

      This feature request is raised to upgrade the below library in Bamboo, the versions of Jar might vary across different Bamboo versions, the below example is for Bamboo 9.2.7

      Library: org.apache.struts:struts2-core@2.5.31-atlassian-1
      File: /atlassian-bamboo/WEB-INF/lib/struts2-core-2.5.31-atlassian-1.jar

      Solution

      Although Bamboo is not vulnerable to CVE-2023-50164 , the request is to upgrade the struts library to Struts 2.5.33 or Struts 6.3.0.2 or greater

            Assignee:
            Shashank Kumar
            Reporter:
            Shashank Kumar
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: