Friday, 10 July 2026

Apache developers release security update for Apache Struts

The Apache Software Foundation has released a security update for Apache Struts that addresses a vulnerability (CVE-2025-68493). A remote attacker could exploit these vulnerabilities to trigger denial of service condition, security restriction bypass and sensitive information disclosure on the targeted system. The issue affects Apache Struts 2.3.37 (EOL), 2.5.33 (EOL), 6.1.0 and prior versions. The vulnerability has been fixed in Apache Struts 6.1.1.

More information on vulnerabilities and update is available in the Apache’s release note – apache.org

15 January 2026

-
23