Skyve - The Low Code Open Source Enterprise Platform

View Original

Skyve 8.0.2 Released

This release updates the version of Spring Framework used by Skyve to remove the Spring4Shell vulnerability. This is a recommended release for all Skyve applications prior to 8.0.1.

Spring4Shell

The Skyve platform does use Spring but was not affected by CVE-2022-22965, but as a precaution the version of Spring has been updated to the latest version which includes the Spring patch to the vulnerability.

Framework

  • Uplift spring to 5.3.18 and spring-security to 5.6.2 to mitigate CVE-2022-22965 (Spring4Shell).

NOTES FOR UPGRADING

To upgrade your Skyve project to this version, change the Skyve version in your pom.xml to 8.0.2 and perform an assemble.

If you are upgrading from a version older than 8.0.0, please see the previous release notes and also apply those changes.

See the complete upgrade instructions on GitHub.