Spring4Shell Vulnerability

Can you confirm if MM is impacted from this issue.

Would you be open to contacting our security team via Report a Security Vulnerability - Mattermost?

I could I guess, but I am not saying there is an issue. Seems like that page is assuming I know there is a problem.

Assume your development team can confirm if they are impacted by this and the community would like to know.

A response from our Security team:

A critical vulnerability targeting the Spring Java framework was recently disclosed. Mattermost would like to share a quick update that our services and products are NOT affected by the Spring4Shell security vulnerability also identified as CVE-2022-22965.

1 Like

Perfect, thanks for the reply