Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update Spring to 5.3.18 #3763

Closed
abrokenjester opened this issue Apr 2, 2022 · 0 comments · Fixed by #3764
Closed

Update Spring to 5.3.18 #3763

abrokenjester opened this issue Apr 2, 2022 · 0 comments · Fixed by #3764
Assignees
Labels
🐞 bug issue is a bug security
Milestone

Comments

@abrokenjester
Copy link
Contributor

abrokenjester commented Apr 2, 2022

Current Behavior

Current version of Spring used by RDF4J is 5.3.14 which is potentially vulnerable to CVE-2022-22965 ("Spring4Shell").

Expected Behavior

Update to Spring 5.3.18 which includes fix spring-projects/spring-framework#28261 , addressing the vulnerability in the classloader.

Steps To Reproduce

No response

Version

3.7.6

Are you interested in contributing a solution yourself?

Yes

Anything else?

No response

@abrokenjester abrokenjester added this to the 3.7.7 milestone Apr 2, 2022
@abrokenjester abrokenjester self-assigned this Apr 2, 2022
abrokenjester added a commit that referenced this issue Apr 2, 2022
abrokenjester added a commit that referenced this issue Apr 2, 2022
patrickwyler pushed a commit to patrickwyler/rdf4j that referenced this issue Jun 20, 2022
patrickwyler pushed a commit to patrickwyler/rdf4j that referenced this issue Jun 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🐞 bug issue is a bug security
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant