Community
Products
Crowd
Questions
Can I update only Struts on a Crowd 4.2 server due to CVE-2020-17530?

Can I update only Struts on a Crowd 4.2 server due to CVE-2020-17530?

It seems Crowd 4.2 uses Struts version 2.5.17 and CVE-2020-17530 states that anything less that 2.5.26 is vulnerable to remote code execution attacks. I do not know if forced OGNL evaluation is used or not but I am being told to update. Is there a documented way to update Struts only on Crowd servers?

Products

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Can I update only Struts on a Crowd 4.2 server due to CVE-2020-17530?

0 answers

Suggest an answer

DEPLOYMENT TYPE

TAGS

Atlassian Community Events

Ask a question

Start a discussion

Products

Community resources

Support

Top groups

Community resources

Support

Learn

Community resources

Support

Events

Community resources

Support

Get product advice from experts

Join a community group

Advance your career with learning paths

Earn badges and rewards

Connect and share ideas at events

Can I update only Struts on a Crowd 4.2 server due to CVE-2020-17530?

0 answers

Suggest an answer

DEPLOYMENT TYPE

TAGS

Atlassian Community Events