Address a Spring Framework CVE
Package
Affected versions
<3.26.0
Patched versions
3.27,3.28,>3.29
Package
mapfish/mapfish-print (github release)
Affected versions
<3.26.0,3.27.0,3.28.0,3.28.1,3.28.2,3.29.0
Patched versions
3.27.1,3.28.3,>3.29.1
Addresses CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+
See: https://tanzu.vmware.com/security/cve-2022-22965
If you use the Docker images 3.27, 3.28 or 3.29, you should use a recent version of them (note that version 3.20 is not impacted).
If you use the war, you should use one of the versions 3.27.1, 3.28.3 or 3.29.1 (note that version 3.20 shouldn't be used with Java version < 9).
If you use the jar, you should use a version of Java or a version of Spring that is not impacted.
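For the war and jar cases, one way to check which Spring version an archive bundles and whether the Java runtime makes it reachable. This is an added example, not mapfish-print code. The fixed Spring Framework releases (5.3.18 and 5.2.20) are taken from the VMware advisory linked above rather than from this page, and the function names and the java_major parameter are hypothetical.

```python
import io
import re
import zipfile

# Fixed Spring Framework releases per the VMware advisory for CVE-2022-22965.
FIXED = {(5, 3): (5, 3, 18), (5, 2): (5, 2, 20)}
# Matches nested jars such as WEB-INF/lib/spring-beans-5.3.17.jar or
# spring-beans-4.3.30.RELEASE.jar. Shaded jars that inline the classes
# carry no such entry and are not detected by this check.
SPRING_JAR = re.compile(r"(?:^|/)spring-beans-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def spring_beans_versions(archive):
    """Return the sorted spring-beans versions bundled in a WAR or fat JAR.

    `archive` is a file path or a binary file object.
    """
    with zipfile.ZipFile(archive) as zf:
        matches = (SPRING_JAR.search(name) for name in zf.namelist())
        return sorted({tuple(int(p) for p in m.groups()) for m in matches if m})


def spring_is_patched(version):
    """True if this Spring Framework version contains the fix."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Lines older than 5.2 never received a fix; later lines include it.
        return version[:2] > (5, 3)
    return version >= fixed


def exposed(archive, java_major):
    """True if the archive bundles an unpatched Spring and runs on JDK 9+."""
    unpatched = [v for v in spring_beans_versions(archive)
                 if not spring_is_patched(v)]
    return java_major >= 9 and bool(unpatched)


def sample_war(spring_version):
    """Constructed in-memory WAR holding only an empty spring-beans entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"WEB-INF/lib/spring-beans-{spring_version}.jar", b"")
    buf.seek(0)
    return buf
```

Pass the path of the deployed war or jar and the major version reported by the Java runtime that serves it; a False result for an archive with no spring-beans entry means only that no nested jar was found.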