You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "kirby zhou (Jira)" <ji...@apache.org> on 2022/04/01 10:15:00 UTC
[jira] [Commented] (RANGER-3691) Upgrade spring to 5.3.18 CVE-2022-22965
[ https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17515849#comment-17515849 ]
kirby zhou commented on RANGER-3691:
------------------------------------
[https://reviews.apache.org/r/73924]/
> Upgrade spring to 5.3.18 CVE-2022-22965
> ---------------------------------------
>
> Key: RANGER-3691
> URL: https://issues.apache.org/jira/browse/RANGER-3691
> Project: Ranger
> Issue Type: Bug
> Components: admin, kms
> Reporter: kirby zhou
> Priority: Blocker
>
> [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [https://github.com/spring-projects/spring-framework/releases]
>
> Spring has a new 0day Remote-Code-Execution problem, related to spring-beans and JDK9+
> Fixed at spring 5.3.18 / 5.2.20
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)