UPDATE:9/12/2018 – DocuSign and Apache Struts Security Alert Status

Apache issued a security alert on August 22nd, 2018 for Struts, an open source framework for creating Java web applications.  Under specific configuration there is possibility of Remote Code Execution that can be exploited by visiting a crafted URL.

DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.

For more information, you can reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776 or https://struts.apache.org/docs/s2-057.html.