Open-Xchange Statement on Vulnerability in the Spring Framework
A remote code-execution vulnerability has been found in the Spring Framework, currently named "SpringShell" (CVE-2022-22965).
We have analyzed the issue and our exposure to it based on current information. OX App Suite deployments are using Java 8, the vulnerability does affect systems using Java 9 and newer. At this point, we have no indication that your deployments are vulnerable.
However, we will continue to monitor the situation closely and update affected components as a precaution.
A remote code-execution vulnerability has been found in the Spring Framework, currently named "SpringShell" (CVE-2022-22965).
We have analyzed the issue and our exposure to it based on current information. OX App Suite deployments are using Java 8, the vulnerability does affect systems using Java 9 and newer. At this point, we have no indication that your deployments are vulnerable.
However, we will continue to monitor the situation closely and update affected components as a precaution.