Following the Log4Shell vulnerability, reported in December 2021 and affecting the well-known Log4j library, an RCE vulnerability in the Spring Framework, also known as Spring4Shell, was discovered and reported to VMware on March 29th.
On March 31st, the Spring development team published an announcement with the details of this vulnerability, the main requirements for being impacted, and the suggested workarounds to mitigate the issue.
Even though the affected Spring libraries are deployed in Data Virtuality, the affected functionalities are not used by our software.
Nevertheless, we updated the Spring Framework to the latest version, 5.2.20, which fixes the vulnerability, and we will include this update in the next minor releases (2.4.23 and 3.0.2) of the Data Virtuality Platform.
If you have any questions or doubts, please feel free to contact our Support Team.