The security scans at a customer site have found vulnerable components for CVE-2022-22965 in the Connect installation:
→ C:\Program Files\Objectif Lune\OL Connect\plugins\org.springframework.spring-beans_5.2.1.RELEASE.jar (org/springframework/beans/CachedIntrospectionResults.class) ←
I know that the attack vector requires Tomcat to be involved, which is not the case here, but it would be great if the Spring libs get upgraded to a non-vulnerable version in the next release.
We are looking at our options as we speak. The 2022.1 version was pretty much ready to go into Release Cycle; we’ll have to see how changing things at this stage would impact the release.