The flaws include CVE-2022-22947, which affected VMware's Tanzu products, as well as CVE-2022-22963 and CVE-2022-22965, affecting Java applications.

The bug resides in the Java Development Kit (JDK) from version 9.0 and upwards if the system is also using Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and earlier versions.

The vulnerability is currently thought to affect Java development kit versions 9.0 and above, affecting Spring Framework versions 5.3.17, 5.2.0, and 5.2.19.

The security bug could crop up, so to speak, in any number of Java applications. NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers ...

Mitigation for Spring4Shell The best way to mitigate this vulnerability is to update Spring Framework to versions 5.3.18 or 5.2.20 and Spring Boot to versions 2.6.6 or 2.5.12.

This week's Java roundup for April 17th, 2023, features news from OpenJDK, JDK 21, JMC 8.3.1, BellSoft, Spring Boot, Spring Security, Spring Session, Spring Authorization Server, Spring Integration, S ...

Microsoft on Tuesday offered guidance on the so-called "Spring4Shell" vulnerability in the Spring Framework overseen by VMware, while also indicating that its own services were unaffected.