On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public.
This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header. Written in Java, Apache Struts 2 is the popular open source web application framework.

SMG does not use "Struts 2", which is the component identified in the vulnerability.