Details
-
Bug
-
Status: Closed (View Workflow)
-
TBD
-
Resolution: Done
-
1.0.3
-
None
-
-
Volaris Sprint 137
-
1
-
Volaris
-
Lotus (R1 2022) Bug Fix
-
TBD
Description
Lotus (R1 2022) and Kiwi (R3 2021) use edge-inn-reach 1.0.3.
On b1.0 branch
- upgrade spring-boot-starter-parent from 2.3.4.RELEASE to >= 2.6.6 or >= 2.5.12.RELEASE
- or upgrade Spring Framework from 5.2.9.RELEASE to 5.2.20.RELEASE
- or apply some other effective fix
- or explain why edge-inn-reach is not affected by Spring4Shell.
See FOLIO-3466
And release a patch version.
TestRail: Results
Attachments
Issue Links
- blocks
-
FOLIO-3466 Spring4Shell: spring-beans RCE Vulnerability (CVE-2022-22965)
-
- Closed
-
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Closed
-