Apache Struts Security Bulletins S2-067 - File upload logic is flawed, and allows an attacker to enable paths with traversals - similar problem as reported in S2-066 セキュリティホールmemo