Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 (tag: struts breach)

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed late yesterday - leaving many feeling like they’re having Deja Vu.

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

A remote code execution vulnerability (CVE-2017-8046) in Pivotal's very popular Spring Framework was disclosed last week by the team at lgtm, although the

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 (tag: Apache Struts2)

The breach at Equifax is a siren call. It's time for organizations to approach the problem of managing open source software by using automated technology,

Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 (tag: Apache Struts2)

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 (tag: Apache Struts2)

Update: This article was originally published on September 14, 2017. The same day, Kevin McGrail published an article on LinkedIn, Act II: Equifax tries and

Remediation at Scale: Lessons from PayPal for the Equifax Security Team

By Derek Weeks on September 13, 2017 (tag: equifax)

In January 2016,  of PayPal wrote about how his company managed their response to a critical Java open source component vulnerability in one

Bracing for Impact in More Ways than One -- Apache Struts2 (S2-053)

By Ryan Knell on September 12, 2017 (tag: Apache Struts2)

Bracing for impact... or how one Sonatype Engineer responded to the Apache Struts2 announcement while dealing with a hurricane bearing down on him.

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 (tag: equifax)

Based upon the tremendous amount of publicity surrounding the recent data breach at Equifax, as stewards of the Central Repository we felt it was important

Struts2 Vulnerability Cracks Equifax

By Derek Weeks on September 09, 2017 (tag: struts2)

Four days ago, we saw a critical vulnerability in Struts2 that would leave web applications vulnerable to remote execution of code and enable direct access
