Apache says Struts 2 security bug wasn't fully fixed in 2020

Apache has taken another shot at fixing a critical remote code execution vulnerability in its Struts 2 framework for Java applications – because the first patch, issued in 2020, didn't fully do the trick. The security flaw exists in Struts versions 2.0.0 to 2.5.29, and an attacker could exploit it to gain control of a …

  1. Anonymous Coward

    Some people say they avoid Java "because of all the bugs", but that is precisely why I love working with Java and its frameworks. They're very popular, get inspected more than other contribution projects, and get patched regularly. And unlike C#, Java doesn't restructure its API code base incompatibly with each major release.

    1. Jim Mitchell

      "They're very popular, get inspected more than other contribution projects"

      I think this is called damning with faint praise.

    2. James Anderson


      I always thought it was a bug.

