
Date

Event

We became aware of a vulnerability known as Spring4Shell (CVE-2022-22963), and we’re closely monitoring this

The vulnerability requires JDK 9+ (we use 8 at the moment).

The vulnerability requires a version of Tomcat prior to the very latest release (8.5.78 - we will be making an upgrade available as soon as possible).

The Spring Cloud vulnerability mentioned is something different and does not affect the Dashboard. Rest assured we are monitoring this and will move quickly if we have any reason to suspect it would affect the Dashboard.

Currently, with the information available on Spring4Shell, we do not believe the Dashboard will be vulnerable. This is because of the requirement for JDK 9+, which we do not yet support. In addition, we will shortly be making available the very latest release of Tomcat, which contains additional fixes that would provide a further layer of protection. We are also continually working on dependency upgrades to ensure the latest fixes are in place.
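The two preconditions named above (JDK 9+ and a Tomcat release prior to 8.5.78) can be checked on a host from the output of `java -version` and Tomcat's `version.sh`. The following is an added example, not code from the vendor; the function names are hypothetical and the sample outputs are constructed.

```python
import re

TOMCAT_FIXED = (8, 5, 78)  # release named in the notice above

def java_major(java_version_output):
    """Major JDK version from `java -version` output (printed on stderr)."""
    m = re.search(r'version "([^"]+)"', java_version_output)
    if not m:
        raise ValueError("no version string found")
    parts = re.split(r"[._+-]", m.group(1))
    # Legacy scheme: "1.8.0_322" is Java 8; JDK 9+ reports "9", "11.0.14", ...
    if parts[0] == "1" and len(parts) > 1:
        return int(parts[1])
    return int(parts[0])

def tomcat_version(version_sh_output):
    """(major, minor, patch) from the 'Server number' line of version.sh."""
    m = re.search(r"Server number:\s*(\d+)\.(\d+)\.(\d+)", version_sh_output)
    if not m:
        raise ValueError("no 'Server number' line found")
    return tuple(int(x) for x in m.groups())

def assess(java_output, tomcat_output):
    """Evaluate both preconditions; None means 'cannot tell from the notice'."""
    jdk = java_major(java_output)
    tomcat = tomcat_version(tomcat_output)
    jdk9_plus = jdk >= 9
    # The notice only names the 8.5 line, so other branches are not judged.
    prior = tomcat < TOMCAT_FIXED if tomcat[:2] == (8, 5) else None
    if not jdk9_plus:
        met = False
    elif prior is None:
        met = None
    else:
        met = prior
    return {"jdk_major": jdk, "jdk9_plus": jdk9_plus,
            "tomcat": tomcat, "tomcat_prior_to_fix": prior,
            "preconditions_met": met}

# Constructed sample outputs, for illustration only.
JAVA8 = 'openjdk version "1.8.0_322"\nOpenJDK Runtime Environment (build 1.8.0_322-b06)\n'
JAVA17 = 'openjdk version "17.0.2" 2022-01-18\n'
TOMCAT_OLD = "Server version: Apache Tomcat/8.5.77\nServer number:  8.5.77.0\n"
TOMCAT_NEW = "Server version: Apache Tomcat/8.5.78\nServer number:  8.5.78.0\n"

if __name__ == "__main__":
    for j, t in [(JAVA8, TOMCAT_OLD), (JAVA17, TOMCAT_OLD), (JAVA17, TOMCAT_NEW)]:
        print(assess(j, t))
```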