Background
On 31 March 2022, a vulnerability within the Spring Framework was disclosed. Further detail regarding this vulnerability can be found here.
Redstor was not affected by any known vulnerabilities relating to Spring4Shell (CVE-2022-22965), given that the vulnerability requires an application to run on Apache Tomcat, which is not a use case or configuration employed by Redstor.
Mitigation
While the Redstor ESE agent does include some of the affected libraries, we have made the decision, in line with best practice, to upgrade to Spring Framework 5.3.18, which remediates the known vulnerability. Redstor ESE version 22.4.11.18121 will contain the upgraded version of the affected libraries. This release is currently in preview and will be made generally available by the end of April 2022.
Other Redstor software components do not make use of these libraries and therefore do not require mitigation.
Should you have any questions regarding Spring4Shell, please contact our team at support@redstor.com.
Comments
0 comments
Please sign in to leave a comment.