Background

Spring is a very popular application framework that allows software developers to quickly and easily develop Java applications with enterprise-level features. These applications can then be deployed on servers, such as Apache Tomcat, as stand-alone packages with all the required dependencies.

Events

To help keep customers informed of our latest responses to the Spring4Shell issue, we have created an events table detailing the key steps we have taken and are taking:

Date

Event

We became aware of a vulnerability known as Spring4Shell (CVE-2022-22963) and are closely monitoring it.

The vulnerability requires JDK 9+ (we use 8 at the moment).

The vulnerability requires a version of Tomcat prior to the very latest release (8.5.78 - we will be making an upgrade available as soon as possible).

The Spring Cloud vulnerability mentioned is something different and does not affect the Dashboard. Rest assured we are monitoring this and will move quickly if we have any reason to suspect it would affect the Dashboard.
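To confirm on a given host the two preconditions listed above (JDK 9+ and a Tomcat release older than 8.5.78), the following added example parses the text printed by `java -version` and by Tomcat's `version.sh`. It is not code from the vendor; the function names are hypothetical and the sample outputs are constructed, and only the 8.5.x threshold named in this notice is evaluated.

```python
import re

# Thresholds taken from the notice above: JDK 9+ and Tomcat older than 8.5.78.
MIN_AFFECTED_JDK = 9
FIXED_TOMCAT_85 = (8, 5, 78)

# Constructed sample outputs (not captured from a real system).
SAMPLE_JAVA_8 = 'openjdk version "1.8.0_322"\nOpenJDK Runtime Environment (build 1.8.0_322-b06)'
SAMPLE_JAVA_11 = 'openjdk version "11.0.14" 2022-01-18'
SAMPLE_TOMCAT = "Server version: Apache Tomcat/8.5.77\nServer number:  8.5.77.0"


def java_major(version_output):
    """Major version from `java -version` text (legacy '1.8.0_x' and modern '11.0.x' / '17')."""
    m = re.search(r'version "(\d+)(?:\.(\d+))?', version_output)
    if not m:
        raise ValueError("no Java version string found")
    first, second = int(m.group(1)), m.group(2)
    # Before JDK 9 the scheme was 1.<major>, so "1.8.0_322" means Java 8.
    return int(second) if first == 1 and second is not None else first


def tomcat_version(version_output):
    """(major, minor, patch) from the 'Server number' line of version.sh output."""
    m = re.search(r"Server number:\s*(\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("no Tomcat 'Server number' line found")
    return tuple(int(g) for g in m.groups())


def preconditions(java_out, tomcat_out):
    """Evaluate both preconditions; Tomcat lines other than 8.5.x are reported as None (unknown)."""
    jdk = java_major(java_out)
    tc = tomcat_version(tomcat_out)
    jdk_met = jdk >= MIN_AFFECTED_JDK
    tomcat_met = tc < FIXED_TOMCAT_85 if tc[:2] == (8, 5) else None
    return {
        "jdk_major": jdk,
        "tomcat": tc,
        "jdk_condition_met": jdk_met,
        "tomcat_condition_met": tomcat_met,
        "both_met": jdk_met and tomcat_met is True,
    }


if __name__ == "__main__":
    for label, java_out in (("JDK 8 host", SAMPLE_JAVA_8), ("JDK 11 host", SAMPLE_JAVA_11)):
        print(label, preconditions(java_out, SAMPLE_TOMCAT))
```

A `None` in `tomcat_condition_met` means the host runs a Tomcat line this notice gives no fixed release for, so it needs a separate check against that line's own release notes.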