Ars Technica

Serving xml files in a java/struts webapp?

I'm no Struts expert, but my guess is that Struts adds a Servlet Mapping for anything in the context that ends in .xml.
Bleeping Computer

Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, Cybersecurity ...