1391 - Spring4Shell vulnerability

Modified on Mon, 21 Jul at 12:56 PM

Background

On 31 March 2022, a vulnerability within the Spring Framework was disclosed. Further detail regarding this vulnerability can be found here.

Redstor was not affected by any known vulnerabilities relating to Spring4Shell (CVE-2022-22965), given that the vulnerability requires an application to run on Apache Tomcat, which is not a use case or configuration employed by Redstor.

 

Mitigation

The Redstor ESE agent does include some of the affected libraries, so we have decided, in line with best practice, to upgrade to Spring Framework 5.3.18, which remediates the known vulnerability. Redstor ESE version 22.4.11.18121 will contain the upgraded version of the affected libraries. This release is currently in preview and will be made generally available by the end of April 2022.

Other Redstor software components do not make use of these libraries and therefore do not require mitigation.

 
