Remove struts from OpenMRS WAR

[PhilipAdeoye]

struts-core-1.3.8.jar has reached end of life and is now obsolete. IU requires it be removed for security reasons

[bmamlin]

This worked to remove struts from the openmrs.war:

$ unzip -l openmrs.war | grep -i strut
   328896  03-08-2017 12:09   WEB-INF/lib/struts-core-1.3.8.jar
   251521  03-08-2017 12:09   WEB-INF/lib/struts-taglib-1.3.8.jar
   119653  03-08-2017 12:09   WEB-INF/lib/struts-tiles-1.3.8.jar

$ zip -d openmrs.war WEB-INF/lib/struts-core-1.3.8.jar WEB-INF/lib/struts-taglib-1.3.8.jar WEB-INF/lib/struts-tiles-1.3.8.jar

$ unzip -l openmrs.war | grep -i strut

[bmamlin]

I was trying to figure out how we could upload a new WAR and accidentally took down the SPHERE portal in the process. It turns out the script to deploy tomcat works differently than I understood. It loads a new war file from /data/tomcat_stage/. So, by running it with that folder empty, it removed our app entirely. Oops.

So, as I was fixing the problem I caused, I went ahead and deployed a version of the openmrs.war without struts libraries (following the steps above). So, production is now running a version of openmrs.war with the struts libraries removed. Closing this ticket.