Stax Response To Spring4Shell Java Vulnerability
The Stax team is aware of the recently disclosed vulnerability within the popular Java Spring Framework and related software components being referred to as Spring4Shell (CVE-2022-22965).
Stax’s security and development teams have analysed the components of Stax that are Java based. Despite the Spring Framework being present in the codebase, no usage of known vulnerable functions was identified.
Stax is continuing to monitor the situation and related component announcements.