Some people say they avoid Java "because of all the bugs", but that is precisely why I love working with Java and its frameworks. They're very popular, get inspected more than other contribution projects, and get patched regularly. And unlike C#, Java doesn't restructure its API code base incompatibly with each major release.
Apache says Struts 2 security bug wasn't fully fixed in 2020
Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick. The security flaw exists in Struts versions 2.0.0 to 2.5.29, and an attacker could exploit it to gain control of a …