Security Vunerability ?
56 views
Skip to first unread message
sto...@hope.ac.uk
Mar 1, 2022, 8:41:17 AM3/1/22
to DSpace Technical Support
Hello All,
I have install dspace 7.2, followed all the instructions, all seems well, BUT our security team found an issue:
.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
Installed version : 1.3.8
Fixed version : 2.x
Installed version : 1.3.8
Fixed version : 2.x
I cannot find structs-core listed anywhere in the POM or documentation. Is this needed ? If so, can it be updated ?
Thanks
Jeff
Tim Donohue
Mar 1, 2022, 10:37:13 AM3/1/22
to DSpace Technical Support
Hi Jeff,
The ".m2/repository" folder is not used by DSpace at all. It's the location that Maven will use to sometimes download dependencies & cache them, whenever you run any "mvn" command. However, nothing in that folder is used in DSpace. Any JARs used by DSpace would end up copied into the [dspace]/lib/ folder (where [dspace] is where you install DSpace) and/or the "server" webapp's "WEB-INF/lib/" folder.
In my local DSpace 7.2 install, I don't see a "struts-core-*.jar" listed in either of those locations, so this file is not being used by your DSpace.
Tim
Reply all
Reply to author
Forward
0 new messages