Apache Struts 2.3.x users are urged to update a flaw in the file upload mechanism built into Struts. The flaw is two years old and can lead to arbitrary code execution. Bad actors could leverage a flaw to execute arbitrary code and deploy malware. Struts users are directed to this link for the latest version of the latest Struts version. Users of Struts are not vulnerable, as this newer version of includes a patched commons-fileupload component. Users should also double check that they don’t have any other copies of the vulnerable library.”]

