Spring Framework: "Spring4Shell" Vulnerability Announcement (CVE-2022-22965)
Vlad Trofimov
started a topic
about 1 month ago
Leostream would like to reassure our customers that their Leostream environment is not subject to the Spring Framework Remote Code Execution Vulnerability (also known as “Spring4Shell” or “SpringShell”).
- The Leostream Connection Broker, Leostream Agent for Windows, Leostream Connect client for Windows, and Leostream License Server do not have Java dependencies.
- The Linux/macOS versions of the Leostream Agent and Leostream Connect client do have Java dependencies, however they do not use the Spring Framework package.
- The Leostream Gateway does depend on packages that include the Spring Framework; however, is not impacted because JDK 9+ is not used.
If you have further questions or concerns about your Leostream environment, please reach out to support@leostream.com.
Vlad Trofimov
Leostream would like to reassure our customers that their Leostream environment is not subject to the Spring Framework Remote Code Execution Vulnerability (also known as “Spring4Shell” or “SpringShell”).
- The Leostream Connection Broker, Leostream Agent for Windows, Leostream Connect client for Windows, and Leostream License Server do not have Java dependencies.
- The Linux/macOS versions of the Leostream Agent and Leostream Connect client do have Java dependencies, however they do not use the Spring Framework package.
- The Leostream Gateway does depend on packages that include the Spring Framework; however, is not impacted because JDK 9+ is not used.
If you have further questions or concerns about your Leostream environment, please reach out to support@leostream.com.