Apache Struts has released version 2.3.14.2. This version addresses a security issue. A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.
997e378c4b860d1aa2a155b1337c65add2fa61cfb34c8b401dbef4cd54ad9b69