Skip to end of banner
Go to start of banner

Vulnerability Update - Spring4Shell

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Background

Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as stand-alone packages with all the required dependencies.

Events

To help keep customers informed of our latest responses to the Spring4Shell issue, we have created an events table to detail the key steps we have/are taking;

Date

Event

We became aware of a vulnerability known as Spring4Shell (CVE-2022-22963), and closely monitoring this

The vulnerability requires JDK 9+ (we use 8 at the moment).

The vulnerability requires a version of Tomcat prior to the very latest release (8.5.78 - we will be making an upgrade available as soon as possible).

The spring cloud vulnerability mentioned is something different and does not affect the Dashboard. Rest assured we are monitoring this and will move quickly if we have any reason to suspect it would affect the Dashboard.

  • No labels