After investigations by our product development team our conclusion are:
Findwise i3 is not affected by the blogpost from spring.io spring-framework-rce-early-announcement because:
1) i3 v2.x runs on Java 8
2) i3 v3.x services are packed to JAR, not WAR files
We are monitoring news about this vulnerability; there is no need to patch anything at the moment. Naturally, every next i3 release will upgrade the most important dependencies to the latest ones.
Feel free to contact us if you have any questions or comments
Page updated 1st of April at 13:00
This post will be updated if needed.