[Thread Prev][Thread Next][Index]

[las_users] LAS struts security issue - need to upgrade to struts 2.5.25

HI Roland,

NASA opened a security ticket on our LAS with regards to Struts, we have structs 2.5.17 but need to upgrade to struts 2.5.25.

How do we upgrade structs, can we replace the JAR with the update one? Or do we have rebuild with ant (info below from github) ?

We have some custom content in webapps that would get wiped out by a “ant clean/deploy” operation, so we hesitate to rebuild.

If you got a new version with the upgraded struts version, that might be best.

Thanks --Bryan





This release upgrades to the latest Struts 2 library (2.5.17) which addresses a potential vulnerability.


It includes some minor code changes and bug fixes.


If you don't want to upgrade your entire code base replace the file:

Web Content/WEB-INF/lib/struts2-core-2.5.13.jar with struts2-core-2.5.17.jar

and execute

ant clean

ant deploy


to install the changes.



Bryan Littlefield | Email : bryanl.littlefield@xxxxxxxxxx

Science Systems and Applications, Inc. | (626)508-9403



[Thread Prev][Thread Next][Index]

Contact Us
Dept of Commerce / NOAA / OAR / PMEL / TMAP

Privacy Policy | Disclaimer | Accessibility Statement