Since this week there is a new zero-day vulnerability in the Spring framework. Please note that we are aware of this and currently analyzing how far the PTV xServer is affected.You can find the official announcement here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
We like to share the current state of our analysis with you.
The essential requirement for exploiting the vulnerability is a JDK9. We are still running JDK8 on all PTV xServer API versions.
Thus, the PTV xServer is not affected by CVE-2022-22965 (according to the current status).
Thus, the PTV xServer is not affected by CVE-2022-22965 (according to the current status).
Of course, there may be new findings, so we will continue to investigate this issue. We will inform you as soon as there are further findings. To stay tuned subscribe to our blog.