[updated on 2022 06 06 16:00 GMT+1]

For more information, see the Spring blog and CVE-2022-22965.

...

Change log

| Timestamp | Description |
|---|---|
| 2022 06 06 16:00 GMT+1 | 2021x Refresh2 HF3 (hot fix) with Spring Framework 5.3.18 is released as Remediation option. |
| 2022 04 22 16:00 GMT+1 | Added Remediation option for Collaboration tools 2021x GA version. |
| 2022 04 04 18:00 GMT+1 | First publication. Collaboration tools affected, see Remediation. |

Spring Framework (Spring4Shell) versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19 are part of the following products. Action to perform.

...

Remediation instructions for collaboration tools (Magic Collaboration Studio, Teamwork Cloud, Cameo Collaborator for Teamwork Cloud) 2021x Refresh2 

Option 1

Download and install 2021x Refresh2 HF3 (hot fix). This is a new full 2021x Refresh2 version build with Spring Framework version 5.3.18. 

See Downloading installation files

Option 2

Before starting with remediation, please download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip

...

| Jar file to delete | Replace with |
|---|---|
| spring-aop-5.1.7.RELEASE.jar | spring-aop-5.3.18.jar |
| spring-beans-5.1.7.RELEASE.jar | spring-beans-5.3.18.jar |
| spring-context-5.1.7.RELEASE.jar | spring-context-5.3.18.jar |
| spring-context-support-5.1.7.RELEASE.jar | spring-context-support-5.3.18.jar |
| spring-core-5.1.7.RELEASE.jar | spring-core-5.3.18.jar |
| spring-expression-5.1.7.RELEASE.jar | spring-expression-5.3.18.jar |
| spring-jcl-5.1.7.RELEASE.jar | spring-jcl-5.3.18.jar |
| spring-web-5.1.7.RELEASE.jar | spring-web-5.3.18.jar |
| spring-webmvc-5.1.7.RELEASE.jar | spring-webmvc-5.3.18.jar |

d. Compress the content of the extracted webapp.war file.
e. Rename the .zip file to webapp.war.
f. Replace the original webapp.war file with the modified one in the <webapp.install.dir>/webapps directory.
g. Start the WebApp service.
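A check that can be run on the repackaged webapp.war before step f, to confirm every jar in the table above was swapped and no old copy was left beside the new one. This is an added example, not part of the vendor's instructions; the function names are hypothetical, the sample WAR is constructed in memory, and jars are matched by file name wherever they sit in the archive.

```python
import io
import re
import zipfile

# Module names taken from the page's "Jar file to delete / Replace with" table.
MODULES = ["aop", "beans", "context", "context-support", "core",
           "expression", "jcl", "web", "webmvc"]
FIXED = "5.3.18"  # version the page says to install
JAR_RE = re.compile(r"^spring-([a-z-]+)-(\d+\.\d+\.\d+)(?:\.RELEASE)?\.jar$")


def audit_war(war, fixed=FIXED):
    """Return {module: problem} for each listed module not cleanly at `fixed`."""
    found = {m: set() for m in MODULES}
    with zipfile.ZipFile(war) as zf:
        for name in zf.namelist():
            m = JAR_RE.match(name.rsplit("/", 1)[-1])
            if m and m.group(1) in found:
                found[m.group(1)].add(m.group(2))
    problems = {}
    for module, versions in found.items():
        if not versions:
            problems[module] = "missing"
        elif versions != {fixed}:
            stale = sorted(versions - {fixed})
            kind = "old jar left beside new" if fixed in versions else "not replaced"
            problems[module] = f"{kind}: {', '.join(stale)}"
    return problems


def build_sample_war():
    """Constructed sample: a partially remediated WAR, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for module in MODULES:
            if module == "web":  # this jar was never replaced
                zf.writestr("WEB-INF/lib/spring-web-5.1.7.RELEASE.jar", b"")
                continue
            zf.writestr(f"WEB-INF/lib/spring-{module}-5.3.18.jar", b"")
        # old jar that was not deleted after the new one was copied in
        zf.writestr("WEB-INF/lib/spring-beans-5.1.7.RELEASE.jar", b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for module, problem in audit_war(build_sample_war()).items():
        print(f"spring-{module}: {problem}")
```

An empty result means all nine modules are present only at 5.3.18; `audit_war` also accepts a file path to the real webapp.war.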

 

...