A recent Apache Struts vulnerability has left current OneBusAway
installations incredibly vulnerable.
See
https://cwiki.apache.org/confluence/display/WW/S2-045
I have upgraded struts and cut a new version: 1.1.16
tag: onebusaway-application-modules-1.1.16
If you are running a fork of OneBusAway please changes
<struts-version> in /pom.xml:
<properties>
<struts-version>2.3.32</struts-version>
...
</properties>
and rebuild and redeploy.
I'm happy to answer any follow on questions either publicly or privately.
Thanks,
Sheldon