Forums | Mahara Community
Security Announcements
Mahara and Spring framework?
01 April 2022, 22:10
Hello,
Far-reaching security vulnerabilities in the Spring framework, which is used in many Java applications, have been made public:
- https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
- https://www.rapid7.com/blog/post/2022/03/30/spring4shell-zero-day-vulnerability-in-spring-framework/
- https://tanzu.vmware.com/security/cve-2022-22963
- https://tanzu.vmware.com/security/cve-2022-22965
Mahara itself is a PHP application and thus not directly affected. The only component that required review is our implementation of Elasticsearch as that is a Java application. Our initial investigation did not reveal any immediate vulnerability. Our systems operations team is conducting a more thorough review. If that reveals any issues, we'll be in touch.
If you use Elasticsearch, you may wish to follow the security announcements from Elastic.
Thank you
Kristina