by upstarter 3207 days ago
> 1. Understand which supporting frameworks and libraries are used in your software products and in which versions. Keep track of security announcements affecting these products and versions.

This issue is solved by having your server OS download and install security updates automatically, which amounts to more or less uncommenting 1 line of config.

Edit: Downvoter(s), please comment.

2 comments

I am not the downvoter (and I didn't downvote you), but I'll explain why it won't help. Struts is packaged as a jar file which is distributed inside of the war file, which is basically the application. The Struts jar is an essential part of the application and it can't be updated separately by the OS.
With respect to "This issue is solved", I suggest rewording it as "This issue is partially solved", since in almost any real-world large web application, there is a significant number of third-party libraries that won't be automatically updated.
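
Added example, not part of the thread: since libraries bundled in a WAR are invisible to the OS package manager, one way to track them is to inventory `WEB-INF/lib` directly and compare the result against security announcements. The sample WAR, library names and versions below are constructed for illustration, and `build_zip`, `jar_version` and `inventory_war` are hypothetical helper names.

```python
import io
import re
import zipfile

LIB_DIR = "WEB-INF/lib/"
NAME_VERSION = re.compile(r"^(?P<name>.+?)-(?P<version>\d[\w.\-]*)\.jar$")

def build_zip(files):
    """Build an in-memory zip from {path: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in files.items():
            z.writestr(path, data)
    return buf.getvalue()

def jar_version(jar_bytes):
    """Version from Maven pom.properties, else the manifest, else None."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
                for line in jar.read(entry).decode().splitlines():
                    if line.startswith("version="):
                        return line.split("=", 1)[1].strip()
        if "META-INF/MANIFEST.MF" in jar.namelist():
            for line in jar.read("META-INF/MANIFEST.MF").decode().splitlines():
                if line.lower().startswith("implementation-version:"):
                    return line.split(":", 1)[1].strip()
    return None

def inventory_war(war_bytes):
    """Return {library name: version or None} for every jar bundled in the WAR."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for entry in war.namelist():
            if not (entry.startswith(LIB_DIR) and entry.endswith(".jar")):
                continue  # skip web.xml, classes, static files
            base = entry[len(LIB_DIR):]
            m = NAME_VERSION.match(base)
            # Metadata inside the jar wins; the file name is only a fallback.
            version = jar_version(war.read(entry)) or (m["version"] if m else None)
            found[m["name"] if m else base[:-4]] = version
    return found

# Constructed sample WAR: every name and version here is made up.
SAMPLE_WAR = build_zip({
    "WEB-INF/web.xml": b"<web-app/>",
    "WEB-INF/lib/example-framework-1.2.3.jar": build_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\nImplementation-Version: 1.2.3\r\n"}),
    "WEB-INF/lib/renamed-lib.jar": build_zip({"META-INF/maven/org.example/renamed-lib/pom.properties": b"#generated\nversion=4.5.6\n"}),
    "WEB-INF/lib/opaque.jar": build_zip({"com/example/A.class": b"\xca\xfe"}),
})
if __name__ == "__main__": print(inventory_war(SAMPLE_WAR))
```

A jar reported with version `None` carries no usable metadata and needs manual identification; libraries repackaged inside another jar (shaded or fat jars) are not seen by this scan.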