[updated on 2022 06 06 16:00 GMT+1]
For more information, see the Spring blog and CVE-2022-22965.
Timestamp | Description |
---|---|
2022 06 06 16:00 GMT+1 | 2021x Refresh2 HF3 (hot fix) with Spring Framework 5.3.18 is released as a Remediation option. |
2022 04 22 16:00 GMT+1 | Added Remediation option for Collaboration tools 2021x GA version. |
2022 04 04 18:00 GMT+1 | First publication. Collaboration tools affected, see Remediation. |
To Do: You have an action to perform. See Remediation.
Option 1
Download and install 2021x Refresh2 HF3 (hot fix). This is a new full 2021x Refresh2 version build with Spring Framework version 5.3.18.
See Downloading installation files
Option 2
Before starting with remediation, please download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip
The files required for remediation are in the spring-framework-5.3.18/libs folder.
Jar file to delete | Replace with |
---|---|
spring-aop-5.3.8.jar | spring-aop-5.3.18.jar |
spring-beans-5.3.8.jar | spring-beans-5.3.18.jar |
spring-context-5.3.8.jar | spring-context-5.3.18.jar |
spring-context-support-5.3.8.jar | spring-context-support-5.3.18.jar |
spring-core-5.3.8.jar | spring-core-5.3.18.jar |
spring-expression-5.3.8.jar | spring-expression-5.3.18.jar |
spring-jcl-5.3.8.jar | spring-jcl-5.3.18.jar |
spring-web-5.3.8.jar | spring-web-5.3.18.jar |
spring-webmvc-5.3.8.jar | spring-webmvc-5.3.18.jar |
h. Compress the content of the extracted .war file.
i. Rename the .zip to the .war file name, for example: admin.war.
j. Replace the original .war file with the modified one in <webapp.install.dir>/webapps.
k. Repeat the modification for all .war files.
l. Start the WebApp service.
Before starting with remediation, please download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip
The files required for remediation are in the spring-framework-5.3.18/libs folder.
Jar file to delete | Replace with |
---|---|
spring-aop-5.3.0.jar | spring-aop-5.3.18.jar |
spring-beans-5.3.0.jar | spring-beans-5.3.18.jar |
spring-context-5.3.0.jar | spring-context-5.3.18.jar |
spring-context-support-5.3.0.jar | spring-context-support-5.3.18.jar |
spring-core-5.3.0.jar | spring-core-5.3.18.jar |
spring-expression-5.3.0.jar | spring-expression-5.3.18.jar |
spring-jcl-5.3.0.jar | spring-jcl-5.3.18.jar |
spring-web-5.3.0.jar | spring-web-5.3.18.jar |
spring-webmvc-5.3.0.jar | spring-webmvc-5.3.18.jar |
d. Compress the content of the extracted webapp.war file.
e. Rename the .zip to webapp.war.
f. Replace the original webapp.war file with the modified one in <webapp.install.dir>/webapps.
g. Start the WebApp service.
Before starting with remediation, please download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip
The files required for remediation are in the spring-framework-5.3.18/libs folder.
Jar file to delete | Replace with |
---|---|
spring-aop-5.2.5.jar | spring-aop-5.3.18.jar |
spring-beans-5.2.5.jar | spring-beans-5.3.18.jar |
spring-context-5.2.5.jar | spring-context-5.3.18.jar |
spring-context-support-5.2.5.jar | spring-context-support-5.3.18.jar |
spring-core-5.2.5.jar | spring-core-5.3.18.jar |
spring-expression-5.2.5.jar | spring-expression-5.3.18.jar |
spring-jcl-5.2.5.jar | spring-jcl-5.3.18.jar |
spring-web-5.2.5.jar | spring-web-5.3.18.jar |
spring-webmvc-5.2.5.jar | spring-webmvc-5.3.18.jar |
d. Compress the content of the extracted webapp.war file.
e. Rename the .zip to webapp.war.
f. Replace the original webapp.war file with the modified one in <webapp.install.dir>/webapps.
g. Start the WebApp service.
Before starting with remediation, please download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip
The files required for remediation are in the spring-framework-5.3.18/libs folder.
Jar file to delete | Replace with |
---|---|
spring-aop-5.1.7.RELEASE.jar | spring-aop-5.3.18.jar |
spring-beans-5.1.7.RELEASE.jar | spring-beans-5.3.18.jar |
spring-context-5.1.7.RELEASE.jar | spring-context-5.3.18.jar |
spring-context-support-5.1.7.RELEASE.jar | spring-context-support-5.3.18.jar |
spring-core-5.1.7.RELEASE.jar | spring-core-5.3.18.jar |
spring-expression-5.1.7.RELEASE.jar | spring-expression-5.3.18.jar |
spring-jcl-5.1.7.RELEASE.jar | spring-jcl-5.3.18.jar |
spring-web-5.1.7.RELEASE.jar | spring-web-5.3.18.jar |
spring-webmvc-5.1.7.RELEASE.jar | spring-webmvc-5.3.18.jar |
d. Compress the content of the extracted webapp.war file.
e. Rename the .zip to webapp.war.
f. Replace the original webapp.war file with the modified one in <webapp.install.dir>/webapps directory.
g. Start the WebApp service.
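A check to run on each repackaged .war before starting the WebApp service, as an added example that is not part of the vendor's advisory or tooling. It reports an old Spring jar left beside the new one, a listed module that is missing, and an archive made by compressing the extracted folder instead of its content. It assumes the jars sit in WEB-INF/lib (the standard WAR layout); `audit_war` and `make_war` are hypothetical names, and the sample archive is constructed.

```python
import io
import re
import zipfile

# The nine modules listed in the advisory's "Replace with" column.
MODULES = ["spring-aop", "spring-beans", "spring-context", "spring-context-support",
           "spring-core", "spring-expression", "spring-jcl", "spring-web", "spring-webmvc"]
FIXED = "5.3.18"
# Assumption: jars sit in WEB-INF/lib, the standard WAR layout.
JAR_RE = re.compile(r"^(?P<prefix>.*?)WEB-INF/lib/(?P<mod>spring-[a-z-]+)-(?P<ver>\d[\w.]*)\.jar$")


def audit_war(war):
    """Return a sorted list of findings for one repackaged .war (path or file object)."""
    found = {m: set() for m in MODULES}
    findings = []
    with zipfile.ZipFile(war) as zf:
        names = zf.namelist()
    for name in names:
        m = JAR_RE.match(name)
        if not m or m["mod"] not in found:
            continue
        if m["prefix"]:  # the folder was zipped, not its content
            findings.append(f"misplaced: {name} (WEB-INF is not at the archive root)")
        found[m["mod"]].add(m["ver"])
    for mod, versions in found.items():
        if not versions:
            findings.append(f"missing: {mod}-{FIXED}.jar")
        for ver in versions - {FIXED}:  # old jar still on the classpath
            findings.append(f"leftover: {mod}-{ver}.jar")
    return sorted(findings)


def make_war(names):
    """Build a constructed in-memory WAR with empty entries (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    lib = "WEB-INF/lib/"
    # Constructed case: new jars copied in, but the old spring-beans jar was never deleted.
    sample = [f"{lib}{m}-{FIXED}.jar" for m in MODULES] + [f"{lib}spring-beans-5.3.8.jar"]
    for finding in audit_war(make_war(sample)) or ["ok: all nine modules at " + FIXED]:
        print(finding)
```

To audit real files, pass each path under <webapp.install.dir>/webapps to `audit_war`; an empty list means all nine modules are present only at 5.3.18.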