Among the many patches this month are updates to multiple products to fix an Apache Struts vulnerability that was publicly disclosed in March 2017.
Sean Michael Kerner of eWeek writes:
Oracle released its largest security update ever on April 18, providing fixes for 299 vulnerabilities across Oracle’s software portfolio.
The previous record for Oracle vulnerabilities fixed in a single update was 276 patches in the July 2016 critical patch update. Oracle patched 270 vulnerabilities in its January 2017 update, bringing the total number of vulnerabilities patched this year to 569.
While the total number of vulnerabilities patched this month is somewhat surprising, there are other surprises as well.
“The fact that we’re still addressing vulnerabilities associated with Struts v1 and Apache Commons years after the issues were first raised is surprising and troubling,” John Matthew Holt, Waratek CTO, told eWEEK. “The Struts 2 patch is less surprising since it was just announced in March 2017, but no less troubling as it points to the continuing issues associated with third-party software components.”