Wasn't Struts how Equifax got breached?<div><span style="font-size:15px"><br></span></div><div><span style="font-size:15px">Mike</span></div><div><span style="font-size:15px"><br></span><br>On Wednesday, January 3, 2018, Rick Moen <<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I don't know why I'm suddenly being nice to Morgan Stanley & Co. LLC, but there<br>
you have it.<br>
<br>
----- Forwarded message from "Baskin, Mikhail" [an address at <a href="http://morganstanley.com" target="_blank">morganstanley.com</a>] -----<br>
<br>
Date: Wed, 3 Jan 2018 17:49:28 +0000<br>
From: "Baskin, Mikhail" [an address at <a href="http://morganstanley.com" target="_blank">morganstanley.com</a>]<br>
To: "<a href="mailto:respond-auto@linuxmafia.com">respond-auto@linuxmafia.com</a>" <<a href="mailto:respond-auto@linuxmafia.com">respond-auto@linuxmafia.com</a>><br>
Subject: Struts latest release<br>
<br>
Hi Rick.<br>
We at Morgan Stanley using Struts 1 for our Java application.<br>
I am trying to justify a project to rewrite to Java 2.<br>
The management ask me to find out "the deadline" Struts 1 can not be used anymore.<br>
<br>
Can you, please, give us approximate date ?<br>
<br>
Thanks.<br>
Mikhail Baskin.<br>
[cid:image001.jpg@01D384BA.<wbr>333B3CA0]<br>
<br>
______________________________<wbr>__<br>
<br>
NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent required and/or permitted under applicable law, to monitor electronic communications, including telephone calls with Morgan Stanley personnel. This message is subject to the Morgan Stanley General Disclaimers available at the following link: <a href="http://www.morganstanley.com/disclaimers" target="_blank">http://www.morganstanley.com/<wbr>disclaimers</a>. If you cannot access the links, please notify us by reply message and we will send the contents to you. By communicating with Morgan Stanley you acknowledge that you have read, understand and consent, (where applicable), to the f<br>
oregoing and the Morgan Stanley General Disclaimers.<br>
<br>
<br>
<br>
----- End forwarded message -----<br>
----- Forwarded message from Rick Moen <<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a>> -----<br>
<br>
Date: Wed, 3 Jan 2018 12:43:51 -0800<br>
From: Rick Moen <<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a>><br>
To: "Baskin, Mikhail" [an address at <a href="http://morganstanley.com" target="_blank">morganstanley.com</a>]<br>
Subject: Re: Struts latest release<br>
Organization: If you lived here, you'd be $HOME already.<br>
<br>
Quoting Baskin, Mikhail [an address at <a href="http://morganstanley.com" target="_blank">morganstanley.com</a>]:<br>
<br>
> Hi Rick.<br>
> We at Morgan Stanley using Struts 1 for our Java application.<br>
> I am trying to justify a project to rewrite to Java 2.<br>
> The management ask me to find out "the deadline" Struts 1 can not be used anymore.<br>
><br>
> Can you, please, give us approximate date ?<br>
<br>
I'm sorry to say, Mr. Baskin, that I'm the wrong person to ask. The<br>
e-mail address at which you reached me, "<a href="mailto:respond-auto@linuxmafia.com">respond-auto@linuxmafia.com</a>",<br>
appears in exactly one place, at the top of an online essay, 'How to Ask<br>
Questions the Smart Way' I co-wrote with Eric S. Raymond. I am<br>
guessing that a J2EE project's Web help pages hyperlinks to Eric's and my<br>
essay on Eric's Web site, which you assumed was part of that J2EE<br>
project's help pages, and clicked on my author link to ask my help.<br>
<br>
In fact, I think I just found the link you must have followed. It's<br>
at <a href="https://struts.apache.org/mail.html" target="_blank">https://struts.apache.org/<wbr>mail.html</a> , near page bottom.<br>
<br>
Unfortunately, although I'm involved with the software industry<br>
(DevOps), I have no connection to J2EE and no knowledge of when Struts<br>
v. 1 will be end-of-lifed. I'm merely co-author of an essay.<br>
<br>
Web-searching 'struts 1 eol' finds various possible links including:<br>
<a href="https://struts.apache.org/struts1eol-announcement.html" target="_blank">https://struts.apache.org/<wbr>struts1eol-announcement.html</a><br>
<br>
I infer an answer to your question -- but please bear in mind I'm<br>
speaking an educated guess as an outsider, and my answer has absolutely<br>
zero authority: You can still use Struts 1 indefinitely but at your<br>
peril, because it ceased having security and bug fixes effective<br>
April 5, 2013. Since then, almost five years, it has been completely<br>
unmaintained.<br>
<br>
Apache Foundation offers Struts 2 as a replacement Web framework, and<br>
credibly claims it is mature, modern, well featured, and well<br>
maintained. The difficulty, of course, is that it's not even remotely<br>
close to a drop-in replacement. Alternatives, as they say on the link<br>
cited above, include Spring Web MVC, Grails, and Stripe.<br>
<br>
I hope this guesstimated answer on my part proves useful, and wish you<br>
good fortune with the softwar engineering effort.<br>
<br>
For reference, 'How to Ask Questions the Smart Way' is at<br>
<a href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_blank">http://www.catb.org/~esr/faqs/<wbr>smart-questions.html</a><br>
<br>
--<br>
Cheers, « Le doute n'est pas une état bien agréable, mais<br>
Rick Moen l'assurance est un état ridicule. » ("Doubt is not<br>
<a href="mailto:rick@linuxmafia.com">rick@linuxmafia.com</a> a pleasant condition, but certainty is absurd.')<br>
McQ! (4x80) -- Voltaire<br>
<br>
----- End forwarded message -----<br>
<br>
______________________________<wbr>_________________<br>
conspire mailing list<br>
<a href="mailto:conspire@linuxmafia.com">conspire@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/conspire" target="_blank">http://linuxmafia.com/mailman/<wbr>listinfo/conspire</a><br>
</blockquote></div>