Hi all,
A 0day vulnerability has been published in the Spring Core Framework,
"Spring4Shell".
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
OpenConext uses the Spring framework in several applications. As far as is
known now, it's required to use JDK >= 9. OpenConext has only recently
started upgrading apps from JDK 8. If you have not been upgrading to the
most recent versions released in February, you should be safe in any case.
The following versions are built with JDK 8 and should hence be safe:
OIDCNG: < 6
OIDC Playground: < 3
Manage: < 7
PDP: < 4
Teams: < 9
Voot: < 5
Myconext: < 6
Dashboard: < 12
We are investigating the impact on the apps that have upgraded to JDK
11. We assume most of you do not run the JDK 11 versions yet. If you are
running any of those, please contact us so we can coordinate.
Kind regards,
Thijs