
Need help to resolve Vulnerabilities

jitendrabh March 14, 2019

Hi Team,

I found one critical vulnerability (97610 - Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE) in the Bamboo application. We tried to download struts2-core-2.5.20.jar from the Apache Struts site but it's not working; I even tried from the Maven repository but no luck. So I need help from this community to resolve my issue.

The application did not start with the struts2-core-2.5.20.jar file, so I have to roll back to the old file again to run the application properly.

 

Bamboo : version 5.13.0.1 build 51314

File Location : /opt/atlassian/bamboo/atlassian-bamboo/WEB-INF/lib

File Name : struts2-core-2.5.1-atlassian-10.jar

Need greater version than 2.5.1

 

 

1 answer

0 votes
Petr Vaníček
March 14, 2019

Hi,

Your version is past EOL, so I think you have only two options.

  1. Recommended - Upgrade to a newer version, at minimum 6.2.5+, because versions before that also have CVE-2017-14589, which is really critical (from my experience, someone was mining on Bamboo through this Struts vulnerability).
  2. Risk - Try to solve it with another version, but as you know, it's not easy, or impossible.

Can you upgrade?

jitendrabh March 14, 2019

Hi Petr,

Thanks for the quick reply.

I need to check if I can upgrade.

 

Regards,

Jitendra
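
Added example, not part of the thread and not Atlassian or Apache tooling: a check of which `struts2-core` jars in a `WEB-INF/lib` directory fall inside the version ranges quoted in finding 97610 above. The function names are hypothetical, and it compares only the upstream version number in the file name, so a vendor-suffixed build such as `-atlassian-10` is reported separately on the assumption that its patch level has to be confirmed with the vendor.

```python
import re
import sys
from pathlib import Path

# File name pattern: struts2-core-<dotted version>[-<vendor suffix>].jar
JAR_RE = re.compile(r"^struts2-core-(\d+(?:\.\d+)*)(?:-(.+))?\.jar$")


def parse_jar(name):
    """Return (version tuple, vendor suffix or None); None if not a struts2-core jar."""
    m = JAR_RE.match(name)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)


def in_flagged_range(version):
    """True for 2.3.5 - 2.3.31 or 2.5.x < 2.5.10.1, the ranges quoted in finding 97610."""
    if (2, 3, 5) <= version <= (2, 3, 31):
        return True
    return version[:2] == (2, 5) and version < (2, 5, 10, 1)


def classify(names):
    """Map each struts2-core jar name to (flagged, vendor_suffix); other names are skipped."""
    result = {}
    for name in names:
        parsed = parse_jar(name)
        if parsed is not None:
            version, suffix = parsed
            result[name] = (in_flagged_range(version), suffix)
    return result


def scan(lib_dir):
    """Classify the jars found in a WEB-INF/lib directory."""
    return classify(p.name for p in Path(lib_dir).glob("*.jar"))


if __name__ == "__main__":
    # With no argument, run on constructed sample names instead of a real directory.
    sample = ["struts2-core-2.5.1-atlassian-10.jar", "struts2-core-2.5.20.jar"]
    found = scan(sys.argv[1]) if len(sys.argv) > 1 else classify(sample)
    for name, (flagged, suffix) in sorted(found.items()):
        note = f" (vendor build '{suffix}', confirm patch level with the vendor)" if suffix else ""
        print(f"{'FLAGGED' if flagged else 'ok':8}{name}{note}")
```

Pass the `WEB-INF/lib` path as the first argument to scan a real installation; a result of "ok" only means the file name's version is outside the quoted ranges.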
