On August 22, the Apache Software Foundation announced a remote code execution vulnerability in Struts, called CVE-2018-11776. After investigating, we have determined that Crowd is not affected by this vulnerability. While Crowd do use Struts, it is not configured in a way that would leave it susceptible to this bug. However, as an extra precaution that is in-line with industry best practices, we are updating Struts in Crowd to the latest version.