vulnerability Spring4Shell

15 views
Skip to first unread message

Tiago Fortunato Costa

unread,
Apr 19, 2022, 3:34:01 PM4/19/22
to AtoM Users
good afternoon everyone, I would like to ask if the Spring4Shel vulnerability. Affects the ATOM.

Dan Gillean

unread,
Apr 20, 2022, 8:39:00 AM4/20/22
to ICA-AtoM Users
Hi Tiago, 

Thanks for the question! 

I've asked for an initial analysis from our Security expert, but we'll continue looking into this. However, so far I would say that if you are following AtoM's recommended installation instructions, this vulnerability should not impact AtoM. We do not use the Spring framework in AtoM, and we do not recommend Apache Tomcat for use as an application server (another prerequisite for the vulnerability).

As I said, we'll continue monitoring this, since AtoM does require Java to support Elasticsearch, but as of now there is no impact from Spring4Shell. 

Cheers, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory
he / him


On Tue, Apr 19, 2022 at 3:34 PM Tiago Fortunato Costa <tiago.fo...@gmail.com> wrote:
good afternoon everyone, I would like to ask if the Spring4Shel vulnerability. Affects the ATOM.

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/b947e11c-a791-404f-acac-370d81bbb021n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages