UPDATE:9/6/2017 – DocuSign and Apache Struts Security Alert Status

Apache issued a security alert on September 5, 2017 for Struts, an open source framework for creating Java web applications.  The component performs unsafe deserialization and could lead to a remote code execution vulnerability.

DocuSign does not use Apache Struts within our DocuSign services or our Digital Transaction Management platform.

For more information, you can reference:  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805 or https://struts.apache.org/docs/s2-052.html.