[oxhe-announce] Open-Xchange Statement on Vulnerability in the Spring Framework
Open-Xchange Hosting Edition Maintenance Announcements
oxhe-announce at open-xchange.com
Thu Mar 31 11:10:45 CEST 2022
Dear Customers of Open-Xchange,
A remote code-execution vulnerability has been found in the Spring Framework, currently named "SpringShell" since no CVE has yet been assigned.
We have analyzed the issue and our exposure to it based on current information. OX App Suite deployments are using Java 8, the vulnerability does affect systems using Java 9 and newer. At this point, we have no indication that your deployments are vulnerable.
However, we will continue to monitor the situation closely and update affected components as a precaution.
Best regards,
Your Open-Xchange Team
-------------------------------------------------------------------------------------
Open-Xchange AG, Hohenzollernring 72, 50672 Cologne, District Court Cologne HRB 95366
Managing Board: Andreas Gauger, Dirk Valbert, Frank Hoberg, Stephan Martin
Chairman of the Board: Richard Seibt
European Office:
Open-Xchange GmbH, Olper Huette 5f, D-57462 Olpe, Germany, District Court Siegen, HRB 8718
Managing Director: Manuel Engel
US Office:
Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
-------------------------------------------------------------------------------------
More information about the oxhe-announce
mailing list