
Sonatype Blog

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle
Another remote code execution vulnerability in Apache's Struts2 framework was disclosed on August 22, 2018. Here is everything you need to know, and how to find out whether you are affected.

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

By Derek Weeks on March 05, 2018 Apache Struts2
A remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Data REST, part of the widely used Spring ecosystem, was publicized last week, although the original advisory dates back about seven months to late 2017.

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Nexus Lifecycle
The breach at Equifax is a wake-up call for organizations to manage the open source components they use with automated tooling rather than manual tracking.

Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts
In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director at the Apache Software Foundation, about how the ASF handles security reports.

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities
Following Equifax's acknowledgement this morning that the breach was tied to a Struts2 vulnerability, we discuss who is responsible: the creators of open source components, or the organizations that use them.

Remediation at Scale: Lessons from PayPal for the Equifax Security Team

By Derek Weeks on September 13, 2017 devsecops
What the Equifax security team can learn from PayPal about remediating vulnerable open source components at scale, in the wake of the Struts2-related breach.

Bracing for Impact in More Ways than One -- Apache Struts2 (S2-053)

By Ryan Knell on September 12, 2017 Nexus Lifecycle
How one Sonatype engineer responded to the Apache Struts2 S2-053 announcement while dealing with a hurricane bearing down on him.

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 Open Source
Organizations like Equifax that leverage open source are responsible for practicing basic hygiene: applying fixes for known vulnerabilities in a timely manner once they are available.

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 Software Supply Chain
The Equifax breach, exposing 143 million consumer records, has been linked to a known vulnerability in the open source Apache Struts2 framework.