Hello,

Spring announced this vulnerability:

A quick search of CMDBuild server shows “cmdbuild/WEB-INF/lib/spring-webmvc-5.3.9.jar”.

Is CMDBuild affected by this vulnerability?

According to h**ps://tanzu.vmware.com/security/cve-2022-22965 it would be affected. It’s a shame that no developer has commented on this yet.

best regards