Leostream would like to reassure our customers that their Leostream environment is not subject to the Spring Framework Remote Code Execution Vulnerability (also known as “Spring4Shell” or “SpringShell”).
- The Leostream Connection Broker, Leostream Agent for Windows, Leostream Connect client for Windows, and Leostream License Server do not have Java dependencies.
- The Linux/macOS versions of the Leostream Agent and Leostream Connect client do have Java dependencies, however they do not use the Spring Framework package.
- The Leostream Gateway does depend on packages that include the Spring Framework; however, is not impacted because JDK 9+ is not used.
If you have further questions or concerns about your Leostream environment, please reach out to firstname.lastname@example.org.