[ https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17519090#comment-17519090 ]
Ramesh Mani edited comment on RANGER-3691 at 4/7/22 6:41 PM: ------------------------------------------------------------- [~kirbyzhou] could you please refer to me the log4j-logback patches which you are mentioning? was (Author: rmani): [~kirbyzhou] could you please refer the log4j-logback patches which you are mentioning? > Upgrade spring to 5.3.18 CVE-2022-22965 > --------------------------------------- > > Key: RANGER-3691 > URL: https://issues.apache.org/jira/browse/RANGER-3691 > Project: Ranger > Issue Type: Bug > Components: admin, kms > Reporter: kirby zhou > Assignee: kirby zhou > Priority: Blocker > Fix For: 3.0.0 > > > [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965] > [https://github.com/spring-projects/spring-framework/releases] > > Spring has a new 0day Remote-Code-Execution problem, related to spring-beans > and JDK9+ > Fixed at spring 5.3.18 / 5.2.20 > -- This message was sent by Atlassian Jira (v8.20.1#820001)