Security Bulletin: Spring Framework

Updated: Monday, April 11, 2022

INT is aware of the recently disclosed vulnerability relating to the Spring framework, and we are monitoring this issue and working to assess the impact, if any, it may have on our products or customers.

Impact on INT Software

GeoToolkit

GeoToolkit is NOT affected by this vulnerability.

INTGeoServer (used by INTViewer, IVAAP, and HTML5Viewer)

INTGeoServer is NOT affected by this vulnerability.

INTViewer

INTViewer is NOT affected by this vulnerability.

IVAAP

In the current IVAAP development version (dev-2.10), the playnode and mqgatewaynode do use Spring libraries and are transitive dependencies of the version of ActiveMQ 5.15 we are currently using.

However, this does not apply to these nodes since this vulnerability only occurs when running in a servlet with a Java 9+ JVM, nor does it apply to the ActiveMQ broker’s console container we ship, which includes OpenJDK 8.

If you have any questions, please feel free to contact us at support@int.com.