Overview
Digital.ai Release and Deploy do not use this vulnerable class within the Pivotal Spring Framework. In a future version, we will upgrade to Pivotal Spring Framework version 6.0.0.
In Release & Deploy there is no use direct usage of org.springframework.remoting.httpinvoker.* so neither application is vulnerable to the remote code execution that causes the issue.
Comments
Please sign in to leave a comment.