Ariadne Software are pleased to advise our customers that the CoolSpools application is not impacted by the Spring4Shell vulnerability identified as CVE-2022-22965, and that no software updates are required to your CoolSpools application as a result of this vulnerability.

CVE-2022-22965 is a critical software vulnerability that affects applications built on the Spring framework (Spring MVC or Spring WebFlux), most commonly when deployed as WAR files served on Apache Tomcat. It is a major concern to organisations worldwide, with many companies embarking on a wholesale review of their software to ensure that they are not susceptible to attack.

The CoolSpools product does not make use of the Spring framework, Tomcat or WAR files, so there are no modules of CoolSpools that are affected by this vulnerability.

CVE-2022-22965 Framework Security Spring vulnerability