[
https://issues.apache.org/jira/browse/RANGER-3691?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17521034#comment-17521034
]
Christian Pfarr commented on RANGER-3691:
-----------------------------------------
Hi [~rmani],
for me it doesn't matter if there is a 2.2.1 or a 2.3.0; it's just the question
of what could be released faster.
It's good to know that Ranger is not affected, but security officers do not
always understand these topics well enough and just say "this has to be fixed
asap".
We are currently migrating from 1.2.0 to 2.2.0, so 2.3.0 should fit as well
to all other version upgrades from our stack.
Kind Regards,
Christian
> Upgrade spring to 5.3.18 CVE-2022-22965
> ---------------------------------------
>
> Key: RANGER-3691
> URL: https://issues.apache.org/jira/browse/RANGER-3691
> Project: Ranger
> Issue Type: Bug
> Components: admin, kms
> Reporter: kirby zhou
> Assignee: kirby zhou
> Priority: Blocker
> Fix For: 3.0.0
>
>
> [https://tanzu.vmware.com/security/cve-2022-22965|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965]
> [https://github.com/spring-projects/spring-framework/releases]
>
> Spring has a new 0day Remote-Code-Execution problem, related to spring-beans
> and JDK9+
> Fixed at spring 5.3.18 / 5.2.20
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)