Digital.ai Support
DevOps
Digital.ai Release & Deploy

Sonartype vulnerability in Pivotal Spring Framework (CVE-2016-1000027) does not impact Release & Deploy

Jim Uomini

February 23, 2023 17:43

Overview

Digital.ai Release and Deploy do not use this vulnerable class within the Pivotal Spring Framework. In a future version, we will upgrade to Pivotal Spring Framework version 6.0.0.

In Release & Deploy there is no use direct usage of org.springframework.remoting.httpinvoker.* so neither application is vulnerable to the remote code execution that causes the issue.

Vulnerability

CVE-2016-1000027

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

Digital.ai Release & Deploy Documentation
Guidelines for requesting support for Digital.ai Release or Deploy
Policy: Digital.ai DevOps Release and Deploy supported product versions
Can we duplicate a deployment package and move it to a different application in Deploy?
Can we modify trigger type and template used to create a release once trigger is configured in Release?
Community plugins for Digital.ai DevOps products
Digital.ai Deploy Custom Deployment Best Practices
Digital.ai Release Vulnerabilities
Error: "Could not decrypt Base64 encoded password" during Deploy version upgrades.
Error: Application with name [Applicaions/directory/app001] already exists in Deploy