Funkcionalnosć tutoho sydła so přez wothladowanske dźěła wobmjezuje, kotrež maja waše dožiwjenje polěpšić. Jeli nastawk waš problem njerozrisuje a chceće prašenje stajić, wobroćće so na naše zhromodźenstwo pomocy, kotrež na to čaka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomhać.

Avatar for Username

Pomoc přepytać

Hladajće so wobšudstwa pomocy. Njenamołwimy was ženje, telefonowe čisło zawołać, SMS pósłać abo wosobinske informacije přeradźić. Prošu zdźělće podhladnu aktiwitu z pomocu nastajenja „Znjewužiwanje zdźělić“.

Dalše informacije

Tuta nitka je so archiwowała. Prošu stajće nowe prašenje, jeli pomoc trjebaće.

Java Spring Framework

  • 1 wotmołwa
  • 1 ma tutón problem
  • 1 napohlad
  • Poslednja wotmołwa wot James

jeffrey.branham
jeffrey.branham
more options

On March 31, 2022 a pair of significant vulnerabilities were identified in the Java Spring Framework which would allow an attacker to execute malicious code. • CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963 • CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965

It is critical for all of our vendors to determine if their software is impacted so that remediation steps can be taken. We need your company to respond to the following questions immediately:

• Is your product impacted by CVE-2022-22963 or CVE-2022-22965? • Is your product built on Java? • Does your product depend on the Spring Cloud Function project? If so, what version? • Does your product depend on Spring Framework? If so, what version? • Does the product require JDK 9 or higher? • Does the product have a dependency on spring-webmvc? • Does the product have a dependency on spring-webflux?

Thanks

On March 31, 2022 a pair of significant vulnerabilities were identified in the Java Spring Framework which would allow an attacker to execute malicious code. • CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963 • CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965 It is critical for all of our vendors to determine if their software is impacted so that remediation steps can be taken. We need your company to respond to the following questions immediately: • Is your product impacted by CVE-2022-22963 or CVE-2022-22965? • Is your product built on Java? • Does your product depend on the Spring Cloud Function project? If so, what version? • Does your product depend on Spring Framework? If so, what version? • Does the product require JDK 9 or higher? • Does the product have a dependency on spring-webmvc? • Does the product have a dependency on spring-webflux? Thanks

Wšě wotmołwy (1)

James
James
  • Moderator
  • Top 10 Contributor
more options

jeffrey.branham said
On March 31, 2022 a pair of significant vulnerabilities were identified in the Java Spring Framework which would allow an attacker to execute malicious code. • CVE-2022-22963 - https://tanzu.vmware.com/security/cve-2022-22963 • CVE-2022-22965 - https://tanzu.vmware.com/security/cve-2022-22965 • Is your product impacted by CVE-2022-22963 or CVE-2022-22965? • Is your product built on Java? • Does the product require JDK 9 or higher?

The desktop Firefox web browser for Windows, macOS and Linux (and also the mobile versions for iOS and Android) has never required the Java Plugin from Oracle to work. Firefox has not allowed the Java Plugin (NPAPI) to run for a long while now.

Why do Java, Silverlight, Adobe Acrobat and other plugins no longer work? https://support.mozilla.org/en-US/kb/npapi-plugins

Also if any web browser was vulnerable it would have been mentioned in CVE-2022-22963 or CVE-2022-22965

Also if Firefox was vulnerable to this it would be listed in https://www.mozilla.org/security/known-vulnerabilities/firefox/ https://www.mozilla.org/security/known-vulnerabilities/