| ... |
... |
@@ -1,4
+1,10 @@ |
| 1 |
1 |
{{info type="info"}} |
|
2 |
+The {{formcycle/}} Versions 6.4.0 through 6.6.13 contain a version of the Spring Framework that contains the [[CVE-2022-22965>>https://tanzu.vmware.com/security/cve-2022-22965]] vulnerability disclosed on March 31st, 2022. |
|
3 |
+ |
|
4 |
+Currently, we are not aware of any scenario where this vulnerability in {{formcycle/}} can be exploited. **We still recommend to upgrade to {{formcycle/}} [[Version 6.6.14>>doc:Blog.WebHome]], which use a new version the Spring Framework that no longer contain these vulnerability.** |
|
5 |
+{{/info}} |
|
6 |
+ |
|
7 |
+{{info type="info"}} |
| 2 |
2 |
{{formcycle/}} version 6 uses a version of Log4j that __does not contain__ the vulnerabilities [[CVE-2021-44228>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]] and [[CVE-2021-45046>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046]]. Notes on their impact on the newer {{formcycle/}} versions 7.0.0 through 7.0.7 are located on the [[General Security Recommendations>>https://help7.formcycle.eu/xwiki/bin/view/Formcycle/SystemSettings/Sicherheit/]] page in the Help for {{formcycle/}} version 7. |
| 3 |
3 |
{{/info}} |
| 4 |
4 |
|