Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-13276

Update Spring Framework to 5.3.19

    XMLWordPrintable

Details

    • 4
    • We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      CVE-2022-22965

      For information about CVE-2022-22965 as it applies to Atlassian's products see https://confluence.atlassian.com/kb/faq-for-cve-2022-22965-1115149136.html

      The Spring Spring Framework version used in Bitbucket Server/Data Center should be updated to 5.3.19.

      Note that while CVE-2022-22965 is addressed in 5.3.18, some of the restrictions break non-bundled plugins. This is fixed in Spring 5.3.19 as described here: https://github.com/spring-projects/spring-framework/issues/28269

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              behumphreys Ben Humphreys
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: