This plugin provides a safe implementation of the Jakarta Multipart parser from the Struts Core. It can be used to mitigate the vulnerability described in the S2-045 Security Bulletin.
You should use this plugin if you are not able to migrate to the latest Struts version.
This plugin can be used with Apache Struts versions 2.5.8 till 2.5.5. If you are running Apache Struts 2.5.8+, you must migrate to the latest version, which is Struts 2.5.10.1.
Just drop the jar into the WEB-INF/libs folder and restart your application. You can use one of the existing PoCs to test if everything is ok.
If you are using Maven to build your project, please add the following dependency into your pom:
    <dependency>
        <groupId>org.apache.struts</groupId>
        <artifactId>struts2-secure-jakarta-multipart-parser-plugin</artifactId>
        <version>[VERSION]</version>
    </dependency>
Please be aware that this is just a temporary solution. You should consider migrating to the latest version anyway.