https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

 

Spring Framework RCE, Early Announcement


MARCH 31, 2022

 

Updates

  • [04-01 16:35 BST] Updated Am I Impacted with additional notes
  • [04-01 13:05 BST] Updated Suggested Workarounds section for Apache Tomcat upgrades and Java 8 downgrades
  • [04-01 12:51 BST] Apache Tomcat releases versions 10.0.20, 9.0.62, and 8.5.78 which close the attack vector on Tomcat’s side, see mitigation alternative
  • [03-31 15:40 BST] Spring Boot 2.6.6 is available
  • [03-31 14:38 BST] Spring Boot 2.5.12 is available
  • [03-31 14:00 BST] CVE-2022-22965 is published
  • [03-31 13:03 BST] Added section “Misconceptions”
  • [03-31 12:34 BST] Added section “Am I Impacted”
  • [03-31 12:11 BST] Fix minor issue in the workaround for adding disallowedFields
  • [03-31 11:59 BST] Spring Framework versions 5.3.18 and 5.2.20, which address the vulnerability, are now available. The release process for Spring Boot is in progress

 

--------------------------------------

KISA notice

https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=66592&queryString=cGFnZT0xJnNvcnRfY29kZT0mc29ydF9jb2RlX25hbWU9JnNlYXJjaF9zb3J0PXRpdGxlX25hbWUmc2VhcmNoX3dvcmQ9c3ByaW5n
