[CWD-5240] Upgrade Struts with CVE-2018-11776 fixed

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 3.1.5, 3.2.5
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

On August 22, the Apache Software Foundation announced a remote code execution vulnerability in Struts, called CVE-2018-11776. After investigating, we have determined that Crowd is not affected by this vulnerability. While Crowd do use Struts, it is not configured in a way that would leave it susceptible to this bug. However, as an extra precaution that is in-line with industry best practices, we are updating Struts in Crowd to the latest version.

blocks: CHAT-2411 Loading...

duplicates: KRAK-1612 Loading...

PIR - Priority Action: PIR-2190 Loading...

relates to: HOT-84616 Loading...; ST-5053 Loading...

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: hari

Affected customers:: 0 This affects my team

Watchers:: 10 Start watching this issue

Created:: 22/Aug/2018 9:07 PM

Updated:: 24/Oct/2018 5:06 AM

Resolved:: 30/Aug/2018 11:00 AM

Details

Description

Attachments

Issue Links

Forms

Activity

People

Dates