After investigation we have found that we are not affected by the Spring4Shell vulnerability. No action is required by our customers regarding this matter.
If you have any questions or concerns, please reach out to the OpenAthens Service Desk at help@openathens.net or via the Service Desk portal.
Posted Apr 04, 2022 - 09:37 BST
Identified
Customers may have seen the news about a vulnerability related to Spring Framework (https://spring.io/projects/spring-framework) disclosed on 31 March 2022 (CVE-2022-22965). The OpenAthens team have been monitoring this issue since then and are taking steps to remediate where necessary.
We will continue to monitor the situation as it evolves, and we are positioned to deploy recommended countermeasures and patches if any are required.
No action is required by customers relating to OpenAthens products, and no service interruptions or security incidents have been detected.