TL;DR Apache Fortress is not affected by the Spring Framework RCE via Data Binding on JDK 9+, a.k.a. Spring4Shell.
Longer version We don't use Spring anywhere in the Core or Realm. Spring is used in Web and Rest, but only the spring-webmvc and spring-webflux[1] artifacts are affected and they aren't used anywhere in the fortress codeline. — Shawn [1]https://tanzu.vmware.com/security/cve-2022-22965 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
