In an advisory yesterday, the Apache Software Foundation reiterates its recommendation for users of Struts to make sure their installations run a version of the Commons FileUpload library newer than 1.3.2, lest they expose their projects to possible remote code execution attacks. […]

from https://www.bleepingcomputer.com/news/security/apache-struts-team-urges-users-for-library-update-to-plug-years-old-bugs/