We have a project that was developed using Struts-1.2.4 version. As this version has some security vulnerabilities, we are planning to adopt a new version in 1.x only(not Struts 2 as Struts 2 is a complete new stuff). What's the version in Struts 1.x which has no security vulnerabilities and best one to go with?
Thanks, Sunil
If you check the vulnerability database, you will find all the 1.x versions are having few at least. Better to update to a version like 2.3.34 or never by putting some effort to the code base.
https://www.cvedetails.com/version-list/45/6117/3/Apache-Struts.html?sha=0fb43196be9e95bac47800de1a8f1497abbfb376&order=1&trc=154