[jira] [Commented] (RANGER-3691) Upgrade spring to 5.3.18 CVE-2022-22965

Christian Pfarr (Jira) Wed, 06 Apr 2022 07:32:10 -0700


    [ 
https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17518176#comment-17518176
 ]


Christian Pfarr commented on RANGER-3691:
-----------------------------------------

Hey guys,

would it be possible to create a 2.2.1 release? 

i´ve built it on my own based on 2.2.0 and everything works with spring 5.3.18 
but an official release would help others maybe.

Regards,

Christian

> Upgrade spring to 5.3.18 CVE-2022-22965
> ---------------------------------------
>
>                 Key: RANGER-3691
>                 URL: https://issues.apache.org/jira/browse/RANGER-3691
>             Project: Ranger
>          Issue Type: Bug
>          Components: admin, kms
>            Reporter: kirby zhou
>            Assignee: kirby zhou
>            Priority: Blocker
>             Fix For: 3.0.0
>
>
> [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [https://github.com/spring-projects/spring-framework/releases]
>  
> Spring has a new 0day Remote-Code-Execution problem, related to spring-beans 
> and JDK9+
> Fixed at spring 5.3.18 / 5.2.20
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (RANGER-3691) Upgrade spring to 5.3.18 CVE-2022-22965

Reply via email to