# Apache Struts 2 Extras - secure Jakarta Multipart parser plugin
[](https://maven-badges.herokuapp.com/maven-central/org.apache.struts/struts2-secure-jakarta-multipart-parser-plugin/)
[](http://www.apache.org/licenses/LICENSE-2.0.html)
This plugin provides a safe implementation of the Jakarta Multipart parser from the Struts Core. It can be used
to mitigate vulnerability described in the [S2-045](http://struts.apache.org/docs/s2-045.html) Security Bulletin.
You should use this plugin in case you are not able to migrate to the latest Struts version.
## Supported versions
This plugins can be used with the Apache Struts versions 2.3.8 till 2.5.5, if you are running the Apache Struts 2.5.8+
you must migrate to the latest version which is [Struts 2.5.10.1](http://struts.apache.org/announce.html#a20170307).
## How to use it
Just drop the jar into `WEB-INF/libs` folder and add the bellow definition into your `struts.xml`:
- if you are running the Apache Struts 2.3.8 - 2.3.31
```xml
<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest"
class="org.apache.struts.extras.SecureJakartaMultiPartRequest"
name="secure-jakarta"
scope="default"/>
<constant name="struts.multipart.parser" value="secure-jakarta"/>
```
- if you are running the Apache Struts 2.5 - 2.5.5
```xml
<bean type="org.apache.struts2.dispatcher.multipart.MultiPartRequest"
class="org.apache.struts.extras.SecureJakartaMultiPartRequest"
name="secure-jakarta"
scope="prototype"/>
<constant name="struts.multipart.parser" value="secure-jakarta"/>
```
and then restart your application, you can use one of the existing PoCs to test if everything is ok.
If you are using Maven to build your project, please add the following dependency into your pom:
```xml
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId rel='nofollow' onclick='return false;'>struts2-secure-jakarta-multipart-parser-plugin</artifactId>
<version>1.0</version>
</dependency>
```
If you are not building with Maven or you simply need the Jar to drop it into an existing Struts 2 based application deployment,
you can [download it directly from Maven Central](http://search.maven.org/remotecontent?filepath=org/apache/struts/struts2-secure-jakarta-multipart-parser-plugin/1.0/struts2-secure-jakarta-multipart-parser-plugin-1.0.jar).
## Remarks
Please be aware that this is just a temporary solution, you should consider migration to the latest version anyway.
struts
- x2_224188了解作者
- 10.9KB文件大小
- zip文件格式
- 0收藏次数
- VIP专享资源类型
- 0下载次数
- 2022-04-10 01:39上传日期
Apache Struts项目提供了Apache Struts 2 Web框架,该框架是用于创建基于Web的Java应用程序的全面的模块化工具堆栈。 来自WebWork 2框架的Struts 2,对于重视解决难题的优雅解决方案的团队来说,是一个绝佳的选择。https://mirrors.tuna.tsinghua.edu.cn/apache/struts/struts-extras/struts2-secure-jakarta-multipart-parser-plugin/1.1/
struts2-secure-jakarta-multipart-parser-plugin-1.1-source-release.zip
内容介绍
评论
相关推荐
- apache struts pdfapache struts pdf, how to use struts and how to build struts projects
- apache struts2apache struts2, what's the spring, and how do we use it
- Apache-Struts-v4Apache-Struts-v4 脚本脚本第5章常规的RCE和ApacheStruts的常规用法。 通过PHP即时安装单独的contiene la capacidad。 CVE添加 CVE ID 描述 CVE-2013-2251 Apache Struts 2.0.0至2.3.15允许远程攻击者通过带有...
- Apache+Struts2验证Apache+Struts2验证工具,简单快捷的验证是否存在漏洞,安全工程师好帮手
- Struts-APIApache Struts Framework (Version 1.2.9)
- Practical Apache Struts2 Web 2.0 Projectsstruts 2的api查询文档, Ian Roughley 写的APress - Practical Apache Struts2 Web 2.0 Projects.2007.pdf 是外文的,正好可以锻炼下英文阅读
- example-apache-strutsexample-apache-struts 跑步 http://localhost:8080/example-apache-struts/index.action
- Apache Struts Framework (Version 1.2.7).Apache Struts Framework (Version 1.2.7).
- org.apache.struts缺少所需包import org.apache.struts.action.ActionForm;import org.apache.struts.action.ActionForward;import org.apache.struts.action.ActionMapping;import org.apache.struts.actions.DispatchAction等缺少
- apache strutsapache struts
最新资源