Department of Homeland Security Cybersecurity: Top 10 Vulnerabilities Still Being Exploited

By April Downey on May 28, 2020 vulnerabilities

3 minute read time

DHS CISA lists Apache Struts as a top vulnerability. Yet, evidence shows it is still being downloaded - on average, by 10,000 organizations a month.

Deja Vu All Over Again - Another New Apache Struts Vulnerability (CVE-2018-11776)

By Brian Fox on August 23, 2018 Nexus Lifecycle

2 minute read time

Another remote code execution vulnerability in Apache’s Struts2 Framework was disclosed on August 22, 2018. Everything you need to know and how to find out if you're affected.

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

By Derek Weeks on March 05, 2018 Apache Struts2

2 minute read time

A remote code execution vulnerability (CVE-2017-8046) in Pivotal's very popular Spring Framework was disclosed last week, although the original vulnerability dates back 7 months to late 2017.

Struts2 Breach at Equifax was 100% Preventable. Here's how.

By Ilkka Turunen on September 20, 2017 Nexus Lifecycle

25 second read time

The breach at Equifax is a siren call for organizations to approach the problem of managing open source software by using automated technology.

Security Processes at the Apache Software Foundation (video and podcast)

By Mark Miller on September 15, 2017 Struts

1 minute read time

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation

Struts2 Vulnerabilities: Who Is Responsible? (Video and Podcast)

By Mark Miller on September 14, 2017 Known Vulnerabilities

1 minute read time

With the acknowledgement by Equifax this morning, we talk about who is responsible for this: the creators of the open source solutions or the people who use them.

Remediation at Scale: Lessons from PayPal for the Equifax Security Team

By Derek Weeks on September 13, 2017 devsecops

2 minute read time

PayPal lessons for the Equifax security team regarding the Struts2-related breach.

Bracing for Impact in More Ways than One -- Apache Struts2 (S2-053)

By Ryan Knell on September 12, 2017 Nexus Lifecycle

5 minute read time

How one Sonatype Engineer responded to the Apache Struts2 announcement... while dealing with a hurricane bearing down on him.

Sonatype Statement: Struts2 and Equifax Breach

By Matt Howard on September 11, 2017 Open Source

2 minute read time

Organizations like Equifax who leverage open source are responsible for practicing hygiene in a timely manner when fixes for vulnerabilities are available.