In Struts 126.96.36.199, an issue with ClassLoader manipulation via request
parameters was supposed to be resolved. Unfortunately, the correction
A security fix release fully addressing this issue is in preparation and
will be released as soon as possible.
Once the release is available, all Struts 2 users are strongly
recommended to update their installations.
* Until the release is available, all Struts 2 users are strongly
recommended to apply the mitigation described in  *
Please follow the Apache Struts announcement channels  to
stay updated regarding the upcoming security release. Most likely the
release will be available within the next 72 hours. Please prepare for
upgrading all Struts 2 based production systems to the new release
version once available.