RCE vulnerability in the Spring Framework

Last published on: April 8th, 2022

Summary

In the last days of March 2022 (the last of them on March 31), three vulnerabilities in the Java Spring ecosystem were published; two are critical remote code execution flaws and one is a medium-severity denial of service:

  1. Spring Framework RCE (critical): CVE-2022-22965, a.k.a. Spring4Shell or SpringShell. Affected library: org.springframework:spring-beans, reached through Spring MVC / Spring WebFlux request data binding. Affected versions: 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older unsupported branches; fixed in 5.3.18 and 5.2.20. The publicly reported exploit needs JDK 9 or later and an application deployed as a WAR on Apache Tomcat, but Spring itself notes that the underlying weakness is more general, so other deployments should be patched too rather than assumed safe.
  2. Spring Cloud Function RCE (critical): CVE-2022-22963, a SpEL injection through the spring.cloud.function.routing-expression request header. Affected library: org.springframework.cloud:spring-cloud-function-context, versions 3.1.6, 3.2.2 and older; fixed in 3.1.7 and 3.2.3.
  3. Denial of service in Spring Expression (SpEL): CVE-2022-22950 (medium). Affected library: org.springframework:spring-expression, versions 5.3.0 to 5.3.16 and 5.2.0 to 5.2.19; fixed in 5.3.17 and 5.2.20.


No Impact To OpenMethods 

The OpenMethods product **does not utilize the Spring Framework** (nor Spring Cloud Function or Spring Expression) and is therefore not exposed to any of these vulnerabilities. Clients do not need to upgrade any of their current OpenMethods products on account of them.


Recommendations From OpenMethods:

Although these vulnerabilities do not impact our products, clients who run other Java applications built on Spring should upgrade to the fixed versions listed above or, where an upgrade cannot be scheduled immediately, apply the workarounds published by the Spring team. More information is available in the Spring team's own advisory for CVE-2022-22965 on the spring.io blog.
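For readers who do run Spring MVC and cannot upgrade right away, the workaround the Spring team published for CVE-2022-22965 is shown below as an added example. This is not OpenMethods code and not code from this page; the package name and class name are arbitrary choices for the example, and the mitigation is only a stop-gap until Spring Framework 5.3.18 / 5.2.20 (Spring Boot 2.6.6 / 2.5.12) is in place.

```java
// Added example: the WebDataBinder denylist workaround that Spring published
// for CVE-2022-22965. Package and class names here are arbitrary (assumed for
// this example). It is a stop-gap for applications that cannot move to Spring
// Framework 5.3.18 / 5.2.20 (Spring Boot 2.6.6 / 2.5.12) immediately.
package com.example.security;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

@ControllerAdvice
@Order(Ordered.LOWEST_PRECEDENCE) // run after any application-specific binder advice
public class BinderControllerAdvice {

    // The public exploit binds request parameters whose property path starts at
    // the bound bean's getClass(), e.g.
    //   class.module.classLoader.resources.context.parent.pipeline.first.pattern
    // and walks from there to the Tomcat ClassLoader and its logging valve.
    // Refusing every property path that passes through "class" / "Class" cuts
    // off that traversal for all controllers that rely on this advice.
    private static final String[] DENYLIST = {
        "class.*", "Class.*", "*.class.*", "*.Class.*"
    };

    @InitBinder
    public void setDisallowedFields(WebDataBinder dataBinder) {
        // Anything in the denylist is silently ignored by the binder instead of
        // being written to the target bean.
        dataBinder.setDisallowedFields(DENYLIST);
    }
}
```

Two caveats a practitioner should keep in mind. First, a controller that has its own @InitBinder method calling setDisallowedFields replaces the list rather than merging with it, so every such controller must repeat these patterns itself. Second, the denylist blocks the known binding path, not the underlying weakness in class-level data binding, so it reduces exposure but does not remove the need to upgrade.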