Spring Core Framework Vulnerability issue

  • 1 April 2022

Updated: 01-04-2022 16:15

 

As you may have read in the news, a new vulnerability has been reported in the “Spring Core Framework”. It impacts Spring MVC and Spring WebFlux applications running on JDK 9+.

With this notification, we inform you of the latest developments regarding this issue and of the additional measures USoft is taking accordingly.

On March 31, Spring provided official confirmation, and CVE-2022-22965 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965) has been assigned to this vulnerability. For more detailed information, please check the links.

 

What is Spring Framework?  
Spring Core is a framework widely used in Java applications. It allows software developers to build Java applications with enterprise-level components effortlessly.

 

What did we do? 

To serve our customers and partners as well as possible, we have investigated this vulnerability and its possible impact on the USoft products. We have concluded that USoft Platform, USoft Studio and USoft Solvinx do not make use of Spring.

However, it appears that part of Spring was included, in USoft 10 only, via a compile dependency that was not used. This dependency has now been excluded in the new USoft Platform 10.0.1.F patch release.

 

What can you do?

Thus, although not strictly needed with regard to the Spring vulnerability, upgrading to USoft 10.0.1.F makes sure that not even a dependency on Java Spring exists. Note that this unused dependency does not occur in any other USoft version (9.1 and older).

The 10.0.1.F patch is planned to be released today, Friday, April 1st, late in the afternoon. The new release will be announced, as always, by email to our technical contacts at customers and partners and via our community platform.

 

We remain available for your assistance

In addition, if you have any questions concerning your specific USoft application, application architecture or infrastructure, please do not hesitate to contact us directly. Our experts are available to assist in evaluating your situation and to provide additional advice or support if needed.

Our customer success team is ready to answer your questions. 

 

