
Tag: cve-2022-22965

ControllerAdvice @InitBinder setDisallowedFields doesn’t work

A Java project has been built with Spring Boot version 2.5.3. Due to the “Spring4shell” (CVE-2022-22965) security risk, we have to take mitigation actions. It’s not possible to upgrade the Spring Boot version since several other dependencies are incompatible with the latest Spring Boot version. So, it has been decided to apply a suggested workaround according to https://www.springcloud.io/post/2022-03/spring-framework-rce-early-announcement/#gsc.tab=0 According to
