Search the Findwise web

Update on i3 Spring4shell

Update on i3 vulnerability from Spring4shell
Update on i3 Spring4shell

After investigations by our product development team our conclusion are:

Findwise i3 is not affected by the blogpost from spring.io spring-framework-rce-early-announcement because:

1) i3 v2.x runs on Java 8
2) i3 v3.x services are packed to JAR, not WAR files

We are monitoring news about this vulnerability; there is no need to patch anything at the moment. Naturally, every next i3 release will upgrade the most important dependencies to the latest ones.
Feel free to contact us if you have any questions or comments

Page updated 1st of April at 13:00
This post will be updated if needed.