Pentaho

  • 1.  CVE-2022-22965 vulnerability in Pentaho data integration (Spring Framework vulnerability)

    Posted 04-07-2022 07:37
    Hi Team,

    Please share the mitigation plan for CVE-2022-22965 in PDI (Spring Framework vulnerability).
    Plugin Output:
    Path : /home/pentaho/client/data-integration/system/karaf/system/org/apache/karaf/deployer/org.apache.karaf.deployer.spring/3.0.3/org.apache.karaf.deployer.spring-3.0.3.jar
    Installed version : 3.0.3
    Fixed version : 5.2.20.

    What is the process for upgrading the Spring jar file?

    Thanks,
    Divya.

    ------------------------------
    Divya Joseph
    Systems Engineer
    Encora
    ------------------------------


  • 2.  RE: CVE-2022-22965 vulnerability in Pentaho data integration (Spring Framework vulnerability)

    Posted 04-11-2022 04:37
    Hello Divya,

    Please have a look at this knowledge base article and keep an eye on it. Hope it's helpful:
    https://knowledge.hitachivantara.com/Security/%22Spring4Shell%22_-_RCE_Vulnerability_in_Spring_Framework_(CVE_2022-22965)

    Best Regards

    ------------------------------
    William Jansen van Nieuwenhuizen
    Hitachi Vantara
    ------------------------------



  • 3.  RE: CVE-2022-22965 vulnerability in Pentaho data integration (Spring Framework vulnerability)

    Posted 04-11-2022 06:57
    Hi William,

    Thanks for the details.
    The link doesn't have any info on Pentaho Data Integration.

    May I get the mitigation plan for Pentaho Data Integration?

    Thanks,
    Divya


    ------------------------------
    Divya Joseph
    Systems Engineer
    Encora
    ------------------------------



  • 4.  RE: CVE-2022-22965 vulnerability in Pentaho data integration (Spring Framework vulnerability)

    Posted 07-13-2022 09:52
    Hi,

    Is there any update on this?
    Can we simply replace the 3.0.3 file?

    Thanks,


    ------------------------------
    Roy Kossen
    ------------------------------