Struts 220.127.116.11 General Availability is released with a potential security fix
Struts 2.5.x's latest version is released on 7 march 2017 with a security fix and developers are advised to upgrade their production applications to this version of Struts 2.5x framework.
The GA (General Availability) version of Struts framework is the highest quality of the software update, developers should use "General Availability" in their production environment.
This release of the Struts 2 framework fixes a potential security flaw. This flaw is related with the file upload process where "Possible Remote Code Execution" bug was fixed. Following versions of Struts 2 framework is affected:
If you are using above versions of Struts framework then immediately update your application to Struts 18.104.22.168 GA.
More details about the bug:
Following is the screen shot from Struts 2 bug report system which gives more information about the bug:
So, developer should use latest version of Struts 2 in their project.
Struts 2 is powerful MVC framework in Java which is used in developing the modern Enterprise Java base applications. It offers lots of features which helps developer to build modern applications.
Downloading Struts 2.5.10
The Struts 2 latest version is available from Struts official website and its available in zip format. You can also use the Maven build tool and include its dependency in the project.
Maven Dependency of Struts 2.5.10
Maven build tool is also very convenient method for getting Struts 2 dependency in your project. If you are using Maven in your project then add the following dependency:
<dependency> <groupId>org.apache.struts</groupId> <artifactId>struts2-core</artifactId> <version>22.214.171.124</version> </dependency>
More tutorials of Struts 2