is geode impacted by last RCE vulnerability in the Spring Framework

Question

is geode impacted by last RCE vulnerability in the Spring Framework ? vulnerability details : https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

geode 1.14.2 has below dependencies - should spring framework used by geode upgraded to 5.3.18 ? [1]: https://i.stack.imgur.com/U6Hi6.png

score 0 · Answer 1 · answered Apr 04 '22 at 08:44

0

Please have a look at GEODE-10201, it contains the information you're looking for.

answered Apr 04 '22 at 08:44

Juan Ramos

thanks for share - geode is not using tomcat - so not impacted by the vulnerability – user2283006 Apr 04 '22 at 09:05

1 Answers1