The Apache
Struts Project Team would like to inform you that the Struts 1.x web framework has reached its end of life and is no longer officially supported.
Started in 2000, Struts 1 had its last release - version 1.3.10 - in December 2008. In the meantime the Struts community has focused on pushing the Struts 2 framework forward, with as many as 23 releases as of April 2013. Taking this into account, announcing Struts 1 EOL is just the official statement that we have been lacking volunteer support for some time now and that users should not rely on a properly maintained framework state when utilizing Struts 1 in projects.
Read More Here
On Tue, 29 Apr 2014, the Struts developers confirmed that Struts is vulnerable to a class loader exploit:
The Apache Struts project team confirms that Struts 1 in all versions is
affected by a ClassLoader manipulation vulnerability similar to a
recently fixed vulnerability in Struts 2 (CVE-2014-0112, CVE-2014-0094) [1].
See here
There is currently no fix.