Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Can I update only Struts on a Crowd 4.2 server due to CVE-2020-17530?

It seems Crowd 4.2 uses Struts version 2.5.17 and CVE-2020-17530 states that anything less that 2.5.26 is vulnerable to remote code execution attacks. I do not know if forced OGNL evaluation is used or not but I am being told to update. Is there a documented way to update Struts only on Crowd servers?

0 answers

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Jira

Admins, notify your Jira instance of system-wide changes with the new admin announcement banner

Hi All! We’re excited to share the launch of an announcement banner that lets Jira site administrators communicate directly to their users across Jira Cloud instance.   📢 Get y...

75 views 3 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you