Spring4Shell Vulnerability

ShaunS · March 31, 2022, 4:37pm

Can you confirm if MM is impacted from this issue.

amy.blais · March 31, 2022, 7:14pm

Would you be open to contacting our security team via Report a Security Vulnerability - Mattermost?

ShaunS · April 4, 2022, 12:51pm

I could I guess, but I am not saying there is an issue. Seems like that page is assuming I know there is a problem.

Assume your development team can confirm if they are impacted by this and the community would like to know.

amy.blais · April 4, 2022, 5:30pm

A response from our Security team:

A critical vulnerability targeting the Spring Java framework was recently disclosed. Mattermost would like to share a quick update that our services and products are NOT affected by the Spring4Shell security vulnerability also identified as CVE-2022-22965.

ShaunS · April 4, 2022, 5:48pm

Perfect, thanks for the reply

Topic		Replies	Views
Is MatterMost having an impact on CVE-2022-22963 and CVE-2022-22965? Troubleshooting	1	367	April 4, 2022
Security Update: Log4j Security Vulnerability Announcements	0	1383	December 14, 2021
Security advisorise page Troubleshooting	5	687	March 26, 2021
Configuration Issue reported on load	0	208	November 8, 2023
Log4j Vulnerability Concern Troubleshooting	6	3791	December 14, 2021

Spring4Shell Vulnerability

Related topics