Apache Software Foundation has released Struts 2.3.15.1, a security update for its Java Web application development framework. The new release addresses two vulnerabilities that stem from issues in the implementation of the DefaultActionMapper class and its “action:”, “redirect:” and “RedirectAction:” prefixes in particular. Struts developers have added code that sanitizes the “action:”-prefixed information and have removed support for the “red” and “action” prefixes. The developers recommend replacing them in the code with fixed navigation rules.”]