Spring Framework

Hi. I notice in your 3rd party software listing that you use Spring Framework version 5.3.7, which is vulnerable to the Spring4Shell issue. Is YouTrack standalone vulnerable to Spring4Shell and if so when will a version be released with the updated version of the Spring Framework in?

1 comment
Official comment

Hi!

I'm Sergey from the YouTrack team. 

I can confirm that YouTrack is not affected by the Spring4Shell vulnerability, which is being tracked under CVE-2022-22965. Still, though, we will upgrade our Spring version in the upcoming YouTrack release. For more details, please refer to this post: SpringShell: Impact of Spring Framework Vulnerabilities on YouTrack and Hub
