-
Bug
-
Resolution: Done
-
Highest
-
Istanbul Release, Jakarta Release
RCE vulnerability in the Spring Framework.
It is critical severity, number: CVE-2022-22965.
It mainly affects WAR distribution – so not confirmed relevant for us, but currently it is not known what else may be affected.
Here is further info about it https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
Fortunately, Spring Boot 2.6.6 version fixes it.
- relates to
-
CCSDK-3660 Verify Readiness of Release Artifacts
- Closed
-
CCSDK-3742 Cherry-pick the recent changes into Jakarta Release
- Closed
-
SDNC-1706 Verify Readiness of Release Artifacts
- Closed