Stop us if you've heard this one: Remote code hijacking flaw in Apache Struts, patch ASAP
https://www.theregister.co.uk/2018/11/07/flaw_in_apache_struts/
The Apache Foundation is urging developers to update their Struts 2 installations and projects using the code – after a critical security flaw was found in a key component of the framework.
A warning this week from Apache reveals that devs should make sure their websites and other applications are running Struts versions 2.5.12, or later, to protect from exploits of CVE-2016-1000031. The vulnerability, a deserialization error that would allow unsanitized code in a Java Object to run unchecked, was found in the commons-fileupload library.