Hi,

comments inline

On 08/04/2022 18:41, DONNELL M GARRETT wrote:
On March 31, 2022 a pair of significant vulnerabilities were identified in the 
Java Spring Framework which would allow an attacker to execute malicious code.

   *   CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963
   *   CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965

It is critical for all of our vendors to determine if their software is 
impacted so that remediation steps can be taken.  We need your company to 
respond to the following questions immediately:


   *   Is your product impacted by CVE-2022-22963 or CVE-2022-22965?
Most of our projects aren't impacted. We are investigating the fortress-enmasse library.


   *   Is your product built on Java?
yes

   *   Does your product depend on the Spring Cloud Function project?  If so, 
what version?
no

   *   Does your product depend on Spring Framework?  If so, what version?
fortress-enmasse is using springframework 5.3.17. We are currently assessing the risks and will cut a release asap if needed.

   *   Does the product require JDK 9 or higher?
No, Java8 atm.

   *   Does the product have a dependency on spring-webmvc?
no

   *   Does the product have a dependency on spring-webflux?
no

--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/
