
Struts 1 No Longer Supported - Security vulnerability confirmed - No fix

 
Joe Ess
Bartender
Posts: 9214
The Apache Struts Project Team would like to inform you that the Struts 1.x web framework has reached its end of life and is no longer officially supported.

Started in 2000, Struts 1 had its last release - version 1.3.10 - in December 2008. In the meantime the Struts community has focused on pushing the Struts 2 framework forward, with as many as 23 releases as of April 2013. Taking this into account, announcing Struts 1 EOL is just the official statement that we have been lacking volunteer support for some time now and that users should not rely on a properly maintained framework state when utilizing Struts 1 in projects.

Read More Here

On Tue, 29 Apr 2014, the Struts developers confirmed that Struts is vulnerable to a class loader exploit:
The Apache Struts project team confirms that Struts 1 in all versions is
affected by a ClassLoader manipulation vulnerability similar to a
recently fixed vulnerability in Struts 2 (CVE-2014-0112, CVE-2014-0094) [1].

See here

There is currently no fix.
 
Yogesh Lonkar
Ranch Hand
Posts: 94
Good to hear it, as more attention will be given to Struts 2.
 
Souvvik Basu
Ranch Hand
Posts: 96
Ohh... does that mean we will not see many new projects being written on Struts 1.x from now on?

Just curious to know the opinion of other ranchers on this.

 
Joe Ess
Bartender
Posts: 9214
Souvvik Basu wrote: Ohh... does that mean we will not see many new projects being written on Struts 1.x from now on?


Struts 1.x was useful when it was the only game in town, but it has serious architectural flaws. There is absolutely no reason to use Struts 1.x when more productive frameworks (Struts 2, Spring, Wicket, Stripes, etc.) have been available for years.
 
Souvvik Basu
Ranch Hand
Posts: 96
Hi Joe,
It confuses me when I see people referring to Struts 2 as being a better alternative to Struts 1. Around 7-8 months back, I spoke to a couple of my seniors in the IT field (each with at least 6+ years' experience). All said that according to what they have seen in different projects, Struts 2 hasn't really caught up, and Struts 1.x is still by far the more popular option in Struts. They, of course, agreed that Spring is better than either of Struts 1.x or 2.x.

Just to clarify again... I am just interested to know people's opinion, because this formal announcement did come as a little surprise to me. While it's true that 1.x didn't have any releases post late December, a formal burial surprises me (given the feedback I got about its popularity and usefulness). So I just wanted to keep myself updated correctly on the trends.
 
Joe Ess
Bartender
Posts: 9214
Souvvik Basu wrote: Struts 2 hasn't really caught up, and Struts 1.x is still by far the more popular option in Struts.


If they are just talking numbers, Struts 1.x was the only game in town for several years, so it is unlikely that any single framework will get the numbers that it racked up. That said, it has several problems (form beans, Action classes must extend a class) that make developing with it extremely painful compared to modern frameworks. I would question the sanity of anyone who would pick Struts 1.x over Struts 2.x, even before the EOL announcement.

Souvvik Basu wrote: 1.x didn't have any releases post late December,


Struts 1.x hasn't had a release since December, 2008.
 
karthick meyyappan
Ranch Hand
Posts: 43
It confuses me when I see people referring to Struts 2 as being a better alternative to Struts 1. Around 7-8 months back, I spoke to a couple of my seniors in the IT field (each with at least 6+ years' experience). All said that according to what they have seen in different projects, Struts 2 hasn't really caught up, and Struts 1.x is still by far the more popular option in Struts. They, of course, agreed that Spring is better than either of Struts 1.x or 2.x.

I really stick with the highlights of Souvvik Basu. Here also like that of same....
 
Jaikiran Pai
Marshal
Posts: 10444
sekhar kiran,
Your post was moved to a new topic.
 
Ananth Chellathurai
Ranch Hand
Posts: 349
I have used it in many of my projects. I am wondering if the existing projects would be migrated to Struts 2 or some other frameworks will win over.
 