apache struts deletion from netbeans due to CVE-2023-50164

[jocelyn44]

Description

Hello,

In my company we've been aked to delete all struts modules because of CVE-2023-50164, maybe it should be deleted by default from netbeans ? Or at least updated ?

Use case/motivation

No response

Related issues

No response

Are you willing to submit a pull request?

No

[mbien]

the struts lib wrapper would be here:
https://github.com/apache/netbeans/blob/master/enterprise/web.struts/external/binaries-list

if I see this correctly, this would be struts 1 which is super old and was replaced by struts 2.

I take a look if we can remove it