Problem:
Currently running Foreman 3.0.1, is cve-2022-22965 an issue?
Expected outcome:
Foreman and Proxy versions:
Foreman and Proxy plugin versions:
Distribution and version:
Other relevant data:
1 Like
We have the same question.
It’s looking like no, but I am hoping to get more of a comprehensive answer.
I’ll write ASAP.
1 Like
Hello again!
No, this CVE is not an issue.
The only area we wanted to check was Candlepin, but I’ve confirmation that Candlepin doesn’t use Spring at all (neither Spring MVC, or Spring Beans, or Spring Webflux).
2 Likes
Thank you.
2 Likes