A patch just released https://apereo.github.io/2022/03/31/spring-vuln/
On Thu, Mar 31, 2022 at 12:08 PM Baron Fujimoto <[email protected]> wrote: > I haven't seen any mention of this on the list yet, but it has been > recently disclosed that applications based on Spring and Java9+ may be > vulnerable to severe RCEs. > > Refs: > • < > https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement> > • <https://tanzu.vmware.com/security/cve-2022-22965> > • <https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/> > > It appears that CAS 6 may be vulnerable. Our CAS 6.3.7.4 at least appears > to use spring-core-5.3.8.jar. Is there any info available on planned > patches to address these issues? > -- > Baron Fujimoto <[email protected]> :: UH Information Technology Services > minutas cantorum, minutas balorum, minutas carboratum desendus pantorum > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL3PrjJ-L4v-diZ-4U8ehrBMSp%3DYA2j97XfZUXSjYYLSYw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- Best Regards, Mohamed M. Aboulela -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJqmctGAQMsEoce1PbdjX5XsRCP3VNfp%3DV-OqS8yu4M_sv-%3D2Q%40mail.gmail.com.
