Digital.ai
DevOps
Digital.ai Release & Deploy

Sonartype vulnerability in Pivotal Spring Framework (CVE-2016-1000027) does not impact Release & Deploy

Jim Uomini

February 22, 2023 17:32

Overview

Digital.ai Release and Deploy do not use this vulnerable class within the Pivotal Spring Framework. In a future version, we will upgrade to Pivotal Spring Framework version 6.0.0.

In Release & Deploy there is no use direct usage of org.springframework.remoting.httpinvoker.* so neither application is vulnerable to the remote code execution that causes the issue.

Vulnerability

CVE-2016-1000027

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

Digital.ai Release & Deploy Documentation
Guidelines for requesting support for Digital.ai Release or Deploy
Policy: Digital.ai DevOps, Release and Deploy, supported product versions
Are templates with Release triggers no longer supported in Release 10.x?
Can we duplicate a deployment package and move it to a different application in Deploy?
Community plugins for Digital.ai DevOps products
Deploy UI giving a blank page after upgrade to 22.1.x
Digital.ai Deploy Custom Deployment Best Practices
Error: "Could not decrypt Base64 encoded password" during XL Deploy version upgrades.
Error: Application with name [Applicaions/directory/app001] already exists