[appsuite-announce] Open-Xchange Statement on Vulnerability in the Spring Framework

Open-Xchange App Suite Maintenance Announcements appsuite-announce at open-xchange.com
Thu Mar 31 11:10:45 CEST 2022


Dear Customers of Open-Xchange,

A remote code-execution vulnerability has been found in the Spring Framework, currently named "SpringShell" since no CVE has yet been assigned. 

We have analyzed the issue and our exposure to it based on current information. OX App Suite deployments are using Java 8, the vulnerability does affect systems using Java 9 and newer. At this point, we have no indication that your deployments are vulnerable. 

However, we will continue to monitor the situation closely and update affected components as a precaution.

Best regards,
Your Open-Xchange Team

-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin
Chairman of the Board: Richard Seibt

European Office:
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718
Managing Director: Manuel Engel

US Office:
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
-------------------------------------------------------------------------------------


More information about the appsuite-announce mailing list