Important info about the Java Spring Framework 0-Day RCE Bug
On March 30, 2022, a critical security vulnerability, CVE-2022-22965 (Spring4Shell, SpringShell), was disclosed in the Java Spring framework, which is used within PoolParty Semantic Suite version 8.1.5 and before.
To mitigate the vulnerability, we will provide an 8.1.6 Hotfix version of PoolParty Semantic Suite that upgrades Apache Tomcat to version 9.0.62, as suggested by the vendor. In Tomcat 9.0.62, a specific class implementation was refactored in a way that provides adequate protection against exploitation of the CVE.
PoolParty 8.1.6 was released on April 11th, 2022. It has been deployed to all cloud customers and is available for download for on-premise customers.
To fully remediate the issue, we will update the Spring framework version used by PoolParty Semantic Suite with the next major release of PoolParty.