Update struts2-core jar in Bamboo to satisfy scanners for CVE-2023-50164

XMLWordPrintable

      Description

      This feature request is raised to upgrade the below library in Bamboo, the versions of Jar might vary across different Bamboo versions, the below example is for Bamboo 9.2.7

      Library: org.apache.struts:struts2-core@2.5.31-atlassian-1
      File: /atlassian-bamboo/WEB-INF/lib/struts2-core-2.5.31-atlassian-1.jar

      Solution

      Although Bamboo is not vulnerable to CVE-2023-50164 , the request is to upgrade the struts library to Struts 2.5.33 or Struts 6.3.0.2 or greater

              Assignee:
              Shashank Kumar
              Reporter:
              Shashank Kumar
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: