2017-12-08 19:11 GMT+01:00 <[hidden email]>:
> It looks like the Jackson-databind issue is only associated with 2.5.X
> versions of Struts. I just want to confirm that 2.3.X versions are not.
Struts 2.3.x series is using a different version of the Jackson
library  and we have no knowledge if that version is vulnerable as
well. Also, 2.3.x series is using json-lib as a default JSON handler
implementation which means it's impacted by