NXLog is aware of the "Spring4Shell" vulnerability that was reported by VMWare last week and the resulting CVE-2022-22965. This vulnerability is a Remote Code Execution (RCE) type vulnerabiltiy impacting
Spring Framework while running
Apache Tomcat as the servlet container while running on
Java version 9 and higher.
The NXLog Manager product uses the
Spring Framework, though we use
Jetty as our servlet container and only support
Java version 7 and
Java version 8 currently.
We are not impacted or affected by this vulnerability.
Please feel free to contact support if there are any additional questions.