Bleeping Computer

New Apache Struts Vulnerability Puts Many Fortune Companies at Risk

An estimated 65% of Fortune 100 companies could be vulnerable to a security bug discovered in Apache Struts, a popular Java MVC framework used in the development of many top-grade enterprise ...
Ars Technica

Serving xml files in a java/struts webapp?

I'm no Struts expert, but my guess is that Struts adds a Servlet Mapping for anything in the context that ends in .xml.