Payara Platform & “Spring4Shell”
Originally published on 06 Apr 2022
Last updated on 08 Apr 2022
The Remote Code Execution (RCE) vulnerability detected in the Spring Java Framework in March 2022 (tagged as CVE-2022-22965) is unlikely to impact those using Payara Platform.
However, users who deploy Spring Framework applications packaged as WAR files in Payara Server are affected by this vulnerability, because Payara Server shares pieces of code in its Servlet implementation, Catalina, which was originally branched from Apache Tomcat.
To mitigate the risk of being impacted by this vulnerability, we have implemented an urgent fix that disables the affected code in the corresponding Catalina modules. This hotfix will be included in the upcoming releases of both Payara Community (5.2022.2) and Payara Enterprise (5.38).
Please note: to be fully protected, users must also apply the fixes issued in Spring Framework 5.3.18 and 5.2.20 (available in Spring Boot 2.6.6), as per the Spring team's recommendations.
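As an added illustration, not code from Payara or from the original post, the following script checks whether a deployed WAR still bundles Spring Framework jars older than the fixed versions named above (5.3.18, or 5.2.20 on the 5.2 line). It inspects the `WEB-INF/lib` entries of the archive, so it can be run against a WAR before deployment or against one already in the Payara deployment directory. The list of Spring Framework module names, the jar-naming pattern and the in-memory sample WAR are assumptions made for the example; Spring Boot and other Spring projects version independently and are deliberately not inspected.

```python
"""Report Spring Framework jars in a WAR that predate the CVE-2022-22965 fix.

Added example for the Payara advisory; not Payara's or Spring's own code.
"""
import io
import re
import zipfile
from typing import BinaryIO, Dict, List, Tuple, Union

# Fixed Spring Framework versions named in the advisory.
FIXED_5_2 = (5, 2, 20)
FIXED_5_3 = (5, 3, 18)

# Assumed list of Spring Framework module artefacts (spring-<module>-<version>.jar).
# spring-boot-*, spring-security-*, spring-data-* are separate projects and skipped.
FRAMEWORK_MODULES = (
    "core", "beans", "context", "context-support", "web", "webmvc", "webflux",
    "aop", "expression", "jcl", "tx", "jdbc", "orm", "messaging", "websocket",
)
_JAR_RE = re.compile(
    r"^WEB-INF/lib/spring-(?P<module>" + "|".join(FRAMEWORK_MODULES) +
    r")-(?P<version>\d+\.\d+\.\d+)(?:\.[A-Za-z0-9]+)?\.jar$"
)

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """'5.3.17' or '5.2.19.RELEASE' -> (5, 3, 17) / (5, 2, 19)."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Spring version: {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_fixed(version: Version) -> bool:
    """True when the version carries the fix: >= 5.2.20 on the 5.2 line,
    otherwise >= 5.3.18 (which also covers every later release line)."""
    if version[:2] == (5, 2):
        return version >= FIXED_5_2
    return version >= FIXED_5_3


def scan_war(war: Union[str, BinaryIO]) -> List[Dict[str, str]]:
    """Return one finding per Spring Framework jar in WEB-INF/lib that predates the fix."""
    findings: List[Dict[str, str]] = []
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = _JAR_RE.match(name)
            if not m:
                continue
            version = parse_version(m.group("version"))
            if not is_fixed(version):
                findings.append({
                    "jar": name,
                    "module": m.group("module"),
                    "version": m.group("version"),
                })
    return findings


def build_sample_war(jar_names: List[str]) -> io.BytesIO:
    """Constructed in-memory WAR with empty placeholder jars (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", "<web-app/>")
        for jar in jar_names:
            zf.writestr(f"WEB-INF/lib/{jar}", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed sample: an app still on Spring 5.3.17 plus an unrelated Spring Boot jar.
    sample = build_sample_war([
        "spring-beans-5.3.17.jar",
        "spring-core-5.3.17.jar",
        "spring-boot-2.6.5.jar",
    ])
    for finding in scan_war(sample):
        print(f"pre-fix Spring Framework jar: {finding['jar']}")
```

To check a real deployment, call `scan_war("/path/to/app.war")`; an empty result means every recognised Spring Framework jar is at or above the fixed version, not that the application is free of other issues.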
Read more about the vulnerability here:
https://venturebeat.com/2022/04/01/spring4shell-vulnerability-should-you-patch/