Wait, this can't be right...
Any time there's a vulnerability in @TheApacheStruts, users must not only update the Struts installation on a system, but also the copies of Struts libraries that are installed within each web app??
https://svn.apache.org/repos/infra/websites/production/struts/content/docs/create-struts-2-web-application-with-artifacts-in-web-inf-lib-and-use-ant-to-build-the-application.html#CreateStruts2WebApplicationWithArtifactsInWEB-INFlibandUseAntToBuildTheApplication-Step3-AddStruts2JarFilesToClassPath …pic.twitter.com/oYVnq3yGrF