According to the announcement from Spring <https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#suggested-workarounds>, one workaround is to upgrade Tomcat until you can upgrade your CAS instance to a supported version.
"For older, unsupported Spring Framework versions, upgrading to Apache Tomcat *10.0.20*, *9.0.62*, or *8.5.78*, provides adequate protection. However, this should be seen as a tactical solution, and the main goal should be to upgrade to a currently supported Spring Framework version as soon as possible." On Friday, April 1, 2022 at 7:41:49 AM UTC-7 [email protected] wrote: > Our online CAS is running on 6.2.4, would you like to let me know if > there are some ways to fix CVE-2022-22965 which is fixed in spring 5.3.18 > and 5.2.20? Thank you very much. > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fed10423-4c0a-4703-9d8a-e9bb507da2c1n%40apereo.org.
