Sonatype vulnerability in Pivotal Spring Framework (CVE-2016-1000027) does not impact Release & Deploy

Overview

Digital.ai Release and Deploy do not use this vulnerable class within the Pivotal Spring Framework. In a future version, we will upgrade to Pivotal Spring Framework version 6.0.0.

In Release & Deploy there is no direct usage of org.springframework.remoting.httpinvoker.*, so neither application is vulnerable to the remote code execution that this issue allows.
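One way to check a packaged application for direct usage of that package, as an added example (not Digital.ai's code or tooling). The function names and the sample archive are constructed for illustration; HttpInvokerServiceExporter is used as a representative class name from that package.

```python
import io
import zipfile

# Internal (slash) and dotted forms of the package named in the advisory.
PKG = b"org/springframework/remoting/httpinvoker/"
DOTTED = PKG.replace(b"/", b".")
CONFIG = (".xml", ".properties", ".yml", ".yaml", ".factories")
ARCHIVE = (".jar", ".war", ".ear")

def scan_archive(data, origin):
    """Return sorted (location, kind) findings; nested archives are scanned recursively."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            where, lower, body = f"{origin}!{name}", name.lower(), zf.read(name)
            if lower.endswith(ARCHIVE):
                findings += scan_archive(body, where)
            elif lower.endswith(".class"):
                if PKG in name.encode():
                    # A copy of the package itself: present on the classpath, not a caller.
                    findings.append((where, "package-present"))
                elif PKG in body or DOTTED in body:
                    # Constant pools hold referenced class names and string literals as text.
                    findings.append((where, "code-reference"))
            elif lower.endswith(CONFIG) and DOTTED in body:
                findings.append((where, "config-reference"))
    return sorted(findings)

def make_zip(entries):
    """Build an in-memory archive from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def constructed_sample():
    """Constructed WAR: stand-in bytes, not real class files or any product's contents."""
    lib = make_zip({PKG.decode() + "HttpInvokerServiceExporter.class": b"\xca\xfe\xba\xbe"})
    return make_zip({
        "WEB-INF/lib/spring-web-sample.jar": lib,
        "WEB-INF/classes/com/example/Clean.class": b"\xca\xfe\xba\xbejava/lang/Object",
        "WEB-INF/classes/com/example/Exporter.class": b"\xca\xfe\xba\xbe" + PKG + b"HttpInvokerServiceExporter",
        "WEB-INF/classes/beans.xml": b'<bean class="' + DOTTED + b'HttpInvokerServiceExporter"/>',
    })

if __name__ == "__main__":
    for location, kind in scan_archive(constructed_sample(), "sample.war"):
        print(kind, location)
```

A "package-present" result only means the framework classes are bundled; "code-reference" or "config-reference" results are the ones that would indicate direct usage.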

Vulnerability

CVE-2016-1000027
