[Thread Prev][Thread Next][Index]

[las_users] Re: LAS struts security issue - need to upgrade to struts 2.5.25


I made a release which upgrades LAS 8 to use Struts 2 2.5.25. You can find it here: https://github.com/NOAA-PMEL/LAS/releases/tag/v8.6.10.

Thanks for letting me know. I hope this helps.


On Mon, Oct 26, 2020 at 4:09 PM Bryan Littlefield <bryan.littlefield@xxxxxxxxxx> wrote:

HI Roland,

NASA opened a security ticket on our LAS with regards to Struts, we have structs 2.5.17 but need to upgrade to struts 2.5.25.

How do we upgrade structs, can we replace the JAR with the update one? Or do we have rebuild with ant (info below from github) ?

We have some custom content in webapps that would get wiped out by a “ant clean/deploy” operation, so we hesitate to rebuild.

If you got a new version with the upgraded struts version, that might be best.

Thanks --Bryan





This release upgrades to the latest Struts 2 library (2.5.17) which addresses a potential vulnerability.


It includes some minor code changes and bug fixes.


If you don't want to upgrade your entire code base replace the file:

Web Content/WEB-INF/lib/struts2-core-2.5.13.jar with struts2-core-2.5.17.jar

and execute

ant clean

ant deploy


to install the changes.



Bryan Littlefield | Email : bryanl.littlefield@xxxxxxxxxx

Science Systems and Applications, Inc. | (626)508-9403



The policy of the DOC and NOAA requires me to inform you that the opinions in this email are mine and do not necessarily represent the opinion or policy of the Department of Commerce or the National Oceanic and Atmospheric Administration.

[Thread Prev][Thread Next][Index]

Contact Us
Dept of Commerce / NOAA / OAR / PMEL / TMAP

Privacy Policy | Disclaimer | Accessibility Statement