Spring4Shell (CVE-2022-22965) is a critical-severity vulnerability in Spring Framework that allows remote code execution (RCE). At the time of writing, it can be exploited only in very specific scenarios. However, Spring have made patches available (Spring Framework versions 5.3.18 and 5.2.20) and I strongly advise you to take them, even if you're not running the exploitable setup.
Stuart 'Stevie' Leitch's blog on Software Development, Java Technologies, Security and Testing
Don't Panic! blog and example code by Stuart 'Stevie' Leitch is licensed under a Creative Commons Attribution 3.0 Unported License. The views expressed on this blog are my own and do not necessarily reflect the views of my employers, past or present.