This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • S2-044

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Who should read this

All Struts 2 developers and users

Impact of vulnerability

Possible DoS attack when using URLValidator

Maximum security rating



Upgrade to Struts 2.5.78

Affected Software

Struts 2.5 - Struts 2.5.5


 Jonathan Bullock <jonbullock at gmail dot com>

CVE Identifier



Upgrade to Apache Struts version 2.5.78.

Backward compatibility

No backward incompatibility issues are expected.