Spring Framework CVE: How it affects FusionAuth (TLDR: It doesn't)

Company

FusionAuth

Date Published

April 5, 2022

Author

Dan Moore

Word count

224

Language

English

Hacker News points

None

URL

fusionauth.io/blog/spring-fusionauth

Summary

The recent announcement of CVE-2022-22965, a remote code execution vulnerability in Spring MVC or Spring WebFlux applications running on JDK 9+, has raised concerns among users. FusionAuth is not affected by this vulnerability as it uses a different MVC framework, Prime, and therefore cannot be compromised. However, security is important to FusionAuth, which takes various measures to ensure the security of its customers' applications, including a responsible disclosure program, regular penetration tests, and security disclosures in release notes.