-
Roadmap
-
Knowledgebase Documents
-
Installation and System Setup
-
Setup Data Catalog
-
Connectors
-
Data Discovery
-
Self Service
-
Access Management
-
Data Quality
-
Data Literacy
-
Privacy Compliance
-
Reporting
-
Architecture, Security & Releases
-
Developer's Zone
-
Advanced Tools
-
Record of Processing Activities (ROPA)
-
Others
-
Release6.0 User Guide
-
Release6.1 Features
-
Data Catalog
-
News
-
Deactivated_Old
Spring4Shell Security Vulnerability
(CVE-2022-22965) Press Release
On March 30, 2022, a critical remote code execution (RCE) vulnerability was found in the Spring Framework (Spring Core and the other in Spring Cloud Functions). More specifically, it is part of the spring-beans package, a transitive dependency in both spring-webmvc and spring-webflux
We want to reassure all our customers that the OvalEdge product is not impacted by this vulnerability.
Anyone using Spring on Java 9 or newer, especially those using TomCat are impacted by this vulnerability. Java 8 does not appear to be vulnerable and OvalEdge uses Java 8 for the development of it's product.
For more information:
https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/
Anyone using Spring on Java 9 or newer, especially those using TomCat. Java 8 does not appear to be vulnerable.
https://snyk.io/blog/spring4shell-zero-day-rce-spring-framework-explained/