You are currently reviewing an older revision of this page.
On 31-Mar-2021 an announcement was made regarding the Spring4Shell security vulnerability (CVE-2022-22965). Following the announcement, Appian actively investigated whether the impacted library is being used on the Appian platform. Appian has taken the following actions in response:
Additional Notes:
Supporting Documentation:
https://www.contrastsecurity.com/security-influencers/new-spring4shell-vulnerability-confirmed-what-it-is-and-how-to-be-prepared
https://www.cyberkendra.com/2022/03/spring4shell-details-and-exploit-code.html
https://thehackernews.com/2022/03/security-patch-releases-for-critical.html
https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
Timeline:
This article applies to all supported versions of Appian.
Last Reviewed: April 7, 2022