Spring Framework: "Spring4Shell" Vulnerability Announcement (CVE-2022-22965)

Posted almost 2 years ago by Vlad Trofimov

  • Topic is Locked
Vlad Trofimov
Vlad Trofimov Admin

Leostream would like to reassure our customers that their Leostream environment is not subject to the Spring Framework Remote Code Execution Vulnerability (also known as “Spring4Shell” or “SpringShell”).

- The Leostream Connection Broker, Leostream Agent for Windows, Leostream Connect client for Windows, and Leostream License Server do not have Java dependencies.

- The Linux/macOS versions of the Leostream Agent and Leostream Connect client do have Java dependencies, however they do not use the Spring Framework package.

- The Leostream Gateway does depend on packages that include the Spring Framework; however, is not impacted because JDK 9+ is not used.

If you have further questions or concerns about your Leostream environment, please reach out to support@leostream.com.

0 Votes