... |
... |
@@ -1,10
+1,4 @@ |
1 |
1 |
{{info type="info"}} |
2 |
|
-The {{formcycle/}} Versions 6.4.0 through 6.6.13 contain a version of the Spring Framework that contains the [[CVE-2022-22965>>https://tanzu.vmware.com/security/cve-2022-22965]] vulnerability disclosed on March 31st, 2022. |
3 |
|
- |
4 |
|
-Currently, we are not aware of any scenario where this vulnerability in {{formcycle/}} can be exploited. **We still recommend to upgrade to {{formcycle/}} [[Version 6.6.14>>doc:Blog.WebHome]], which use a new version the Spring Framework that no longer contain these vulnerability.** |
5 |
|
-{{/info}} |
6 |
|
- |
7 |
|
-{{info type="info"}} |
8 |
8 |
{{formcycle/}} version 6 uses a version of Log4j that __does not contain__ the vulnerabilities [[CVE-2021-44228>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228]] and [[CVE-2021-45046>>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046]]. Notes on their impact on the newer {{formcycle/}} versions 7.0.0 through 7.0.7 are located on the [[General Security Recommendations>>https://help7.formcycle.eu/xwiki/bin/view/Formcycle/SystemSettings/Sicherheit/]] page in the Help for {{formcycle/}} version 7. |
9 |
9 |
{{/info}} |
10 |
10 |
|