In May of 2015, a serious security issue was discovered in the Apache Struts web application framework. This issue could allow an attacker to execute arbitrary code on a server that was running a Struts application. The flaw was found in the way Struts processes untrusted input, and could be exploited to inject malicious code into a Struts application. All versions of Struts 2.3.x and 2.2.x were affected by this issue.
The Apache Struts team released a patch for this issue within a few days of the flaw being announced. However, many applications using Struts have still not been updated, leaving them vulnerable to attack. This is a serious issue, as Struts is a widely used framework for developing web applications.
If you are using Apache Struts in your web application, it is critical that you update to a patched version as soon as possible. Failure to do so could leave your application and server at risk of being compromised.