Apache Struts 2.5.26 releases: fix RCE vulnerability