Page History
[updated on 2022 04 22 06 06 16:00 GMT+1]
For more information, see spring blog and CVE-2022-22965.
...
Change log
Timestamp | Description |
---|---|
2022 06 06 16:00 GMT+1 | 2021x Refresh2 HF3 (hot fix) with Spring Framework 5.3.18 is released as Remediation option. |
2022 04 22 16:00 GMT+1 | Added Remediation option for Collaboration tools 2021x GA version. |
2022 04 04 18:00 GMT+1 | First publication. Collaboration tools affected, see Remediation. |
...
Remediation instructions for collaboration tools (Magic Collaboration Studio, Teamwork Cloud, Cameo Collaborator for Teamwork Cloud) 2021x Refresh2
Option 1
Download and install 2021x Refresh2 HF3 (hot fix). This is a new full 2021x Refresh2 version build with Spring Framework version 5.3.18.
See Downloading installation files
Option 2
Before starting with remediation, please download https://repo.spring.io/artifactory/release/org/springframework/spring/5.3.18/spring-5.3.18-dist.zip
...
Jar file to delete | Replace with |
spring-aop-5.1.7.RELEASE.jar | spring-aop-5.3.18.jar |
spring-beans-5.1.7.RELEASE.jar | spring-beans-5.3.18.jar |
spring-context-5.1.7.RELEASE.jar | spring-context-5.3.18.jar |
spring-context-support-5.1.7.RELEASE.jar | spring-context-support-5.3.18.jar |
spring-core-5.1.7.RELEASE.jar | spring-core-5.3.18.jar |
spring-expression-5.1.7.RELEASE.jar | spring-expression-5.3.18.jar |
spring-jcl-5.1.7.RELEASE.jar | spring-jcl-5.3.18.jar |
spring-web-5.1.7.RELEASE.jar | spring-web-5.3.18.jar |
spring-webmvc-5.1.7.RELEASE.jar | spring-webmvc-5.3.18.jar |
d. compress the content of extracted webapp.war file
e. rename .zip with the webapp.war
f. replace original webapp.war file with modified one in <webapp.install.dir>/webapps directory
g. start WebApp service.
...