Security Vunerability ?

56 views
Skip to first unread message

sto...@hope.ac.uk

unread,
Mar 1, 2022, 8:41:17 AM3/1/22
to DSpace Technical Support
Hello All,

I have install dspace 7.2, followed all the instructions, all seems well, BUT our security team found an issue:

.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar
Installed version : 1.3.8
Fixed version : 2.x

I cannot find structs-core listed anywhere in the POM or documentation.  Is this needed ?  If so, can it be updated ?

Thanks

Jeff

Tim Donohue

unread,
Mar 1, 2022, 10:37:13 AM3/1/22
to DSpace Technical Support
Hi Jeff,

The ".m2/repository" folder is not used by DSpace at all.  It's the location that Maven will use to sometimes download dependencies & cache them, whenever you run any "mvn" command.  However, nothing in that folder is used in DSpace.  Any JARs used by DSpace would end up copied into the [dspace]/lib/ folder (where [dspace] is where you install DSpace) and/or the "server" webapp's "WEB-INF/lib/" folder.  

In my local DSpace 7.2 install, I don't see a "struts-core-*.jar" listed in either of those locations, so this file is not being used by your DSpace.

Tim

Reply all
Reply to author
Forward
0 new messages