On March 31st, Spring announced a critical vulnerability in the popular Spring MVC and Spring WebFlux frameworks for Java (now also known as “Spring4Shell”, CVE-2022-22965).
Security has always been a top priority for Applitools, and our engineers are fully aware of the recent RCE vulnerability introduced in JDK 9+, affecting numerous applications. Our security specialists immediately conducted a complete impact assessment and validated that, throughout our environment, neither Spring MVC nor Spring WebFlux is used or depended on by any services we use.
Therefore, Applitools services including the Eyes and Ultrafast Grid services are unaffected. Customers with on-premise installations of Applitools are also unaffected, and won’t need to upgrade or patch any components to address this particular vulnerability. Our security specialists are confident that Applitools products can continue to be safely used without exposure to the Spring4Shell RCE vulnerability.
Our engineers and security team continue to monitor emerging security vulnerabilities and threats and are ready for rapid response should any new vulnerabilities emerge in the future.
Thanks and Happy testing
The Applitools Team