Spring Framework
Hi. I notice in your 3rd party software listing that you use Spring Framework version 5.3.7, which is vulnerable to the Spring4Shell issue. Is YouTrack standalone vulnerable to Spring4Shell, and if so, when will a version be released with the updated version of the Spring Framework in?
Hi!
I'm Sergey from the YouTrack team.
I can confirm that YouTrack is not affected by the Spring4Shell vulnerability, which is being tracked under CVE-2022-22965. Still, though, we will upgrade our Spring version in the upcoming YouTrack release. For more details, please refer to this post: SpringShell: Impact of Spring Framework Vulnerabilities on YouTrack and Hub