Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

By April Downey on May 28, 2020 vulnerabilities
DHS CISA lists Apache Struts as a top vulnerability. Yet evidence shows it is still being downloaded by, on average, 10,000 organizations a month.

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle
Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018. Everything you need to know and how to find out if you're affected.

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

By Derek Weeks on March 05, 2018 Apache Struts2
A remote code execution vulnerability (CVE-2017-8046) in Pivotal's very popular Spring Framework was disclosed last week, although the original vulnerability dates back 7 months to late 2017.

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Nexus Lifecycle
The breach at Equifax is a siren call for organizations to approach the problem of managing open source software by using automated technology.

Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts
In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation.

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities
With the acknowledgement by Equifax this morning, we talk about who is responsible for this, the creators of the open source solutions or people who use them.

Remediation at Scale: Lessons from PayPal for the Equifax Security Team

By Derek Weeks on September 13, 2017 devsecops
PayPal lessons for the Equifax security team regarding the Struts2-related breach.

Bracing for Impact in More Ways than One -- Apache Struts2 (S2-053)

By Ryan Knell on September 12, 2017 Nexus Lifecycle
How one Sonatype Engineer responded to the Apache Struts2 announcement... while dealing with a hurricane bearing down on him.

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 Open Source
Organizations like Equifax who leverage open source are responsible for practicing hygiene in a timely manner when fixes for vulnerabilities are available.