Updated:  April 25, 2014

Status

Affected

Vendor Statement

A security fix release fully addressing this issue is in preparation and will be released as soon as possible. Once the release is available, all Struts 2 users are strongly recommended to update their installations.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

• http://struts.apache.org/announce.html#a20140424