Login  Sign up

Spring Framework: "Spring4Shell" Vulnerability Announcement (CVE-2022-22965)

Leostream would like to reassure our customers that their Leostream environment is not subject to the Spring Framework Remote Code Execution Vulnerability (also known as “Spring4Shell” or “SpringShell”).

- The Leostream Connection Broker, Leostream Agent for Windows, Leostream Connect client for Windows, and Leostream License Server do not have Java dependencies.

- The Linux/macOS versions of the Leostream Agent and Leostream Connect client do have Java dependencies, however they do not use the Spring Framework package.

- The Leostream Gateway does depend on packages that include the Spring Framework; however, is not impacted because JDK 9+ is not used.

If you have further questions or concerns about your Leostream environment, please reach out to support@leostream.com.