Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Highest
Fix Version/s: Jakarta Release
Affects Version/s: Istanbul Release, Jakarta Release
Component/s: parent
Labels:

Epic Link:
A1 Adapter and A1 Policy Managements Enhancements in Jakarta Release - CCSDK

RCE vulnerability in the Spring Framework.

It is critical severity, number: CVE-2022-22965.

It mainly affects WAR distribution – so not confirmed relevant for us, but currently it is not known what else may be affected.

Here is further info about it https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

Fortunately, Spring Boot 2.6.6 version fixes it.

relates to

CCSDK-3660 Verify Readiness of Release Artifacts

Closed

CCSDK-3742 Cherry-pick the recent changes into Jakarta Release

Closed

SDNC-1706 Verify Readiness of Release Artifacts

Closed

Assignee:: John Keeney

Reporter:: John Keeney

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 04/Apr/22 9:53 AM

Updated:: 26/Aug/22 2:14 PM

Resolved:: 13/May/22 9:51 AM