Recently CVE-2022-22950 & CVE-2022-22965 were disclosed in the Spring Framework and CVE-2022-22963 in Spring Cloud Function. Our security team has investigated these vulnerabilities and we have taken the necessary actions. Blueriq has released various patches to address these vulnerabilities.
Blueriq strongly recommends that all customers update to the latest patch version. More information about the patches can be found on the Blueriq Community.
For more information on the CVE's, please follow the following links:
• CVE-2022-22950 (https://tanzu.vmware.com/security/cve-2022-22950)
• CVE-2022-22963 (https://tanzu.vmware.com/security/cve-2022-22963)
• CVE-2022-22965 (https://tanzu.vmware.com/security/cve-2022-22965)