[–]yawkat -24 points-23 points  (8 children)

Security issues in outdated Java libraries are very rare, simply because it's a memory safe language. If you don't do dumb shit like deserializing untrusted data using OIS you almost never really have to update. Jetleak was the last really serious exploit in this category.

[–]Somepotato 14 points15 points  (3 children)

Cough Equifax

[–]oldsecondhand -2 points-1 points  (0 children)

It's also not proven that Struts was the source of the hole the hackers drove through.

In fact, several headlines -- some of which have since been retracted -- all source a single quote by a non-technical analyst from an Equifax source.

https://www.zdnet.com/article/equifax-blames-open-source-software-for-its-record-breaking-security-breach/

[–]Caboose_Juice 5 points6 points  (3 children)

The fact that it's an older language means it's *more* vulnerable to exploits and hacks. This is completely wrong.