We plan to upgrade to Spring 5.x, remove the dependency on Tomcat, and run OpenSpecimen as a standalone process. The goal is to complete this upgrade by the end of CY 2022. However, this plan could be affected by unforeseen events outside our control.

Mitigation

Although OpenSpecimen is not affected by this vulnerability, out of an abundance of caution we plan to stop WebDataBinder from binding request parameters whose names walk through the class property, i.e. names matching the patterns class.*, Class.*, *.class.* and *.Class.*. This fix will be available in OpenSpecimen v9.0.
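The following is an added example of what such a WebDataBinder denylist looks like in a Spring MVC application, together with a stand-alone check that the binder actually suppresses a class.* parameter. It is illustrative code written for this page, not OpenSpecimen's v9.0 fix; the Specimen bean and the parameter names are constructed for the demo, and it assumes Spring Framework 5.x (spring-beans, spring-context, spring-web) on the classpath.

```java
import org.springframework.beans.MutablePropertyValues;
import org.springframework.validation.DataBinder;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.InitBinder;

import java.util.Arrays;

public class ClassPropertyDenylistDemo {

    // Patterns from the Spring advisory; both cases are listed because pattern matching
    // was case-sensitive before Spring 5.3.18 / 5.2.20.
    static final String[] CLASS_PROPERTY_PATTERNS =
            {"class.*", "Class.*", "*.class.*", "*.Class.*"};

    /** Hypothetical form/command object; any bean with setters would do. */
    public static class Specimen {
        private String label;
        public String getLabel() { return label; }
        public void setLabel(String label) { this.label = label; }
    }

    /**
     * Applied to every controller's WebDataBinder in the application, so no
     * request parameter can traverse into the java.lang.Class graph of a command object.
     */
    @ControllerAdvice
    public static class ClassPropertyBinderAdvice {
        @InitBinder
        public void denyClassProperties(WebDataBinder binder) {
            binder.setDisallowedFields(CLASS_PROPERTY_PATTERNS);
        }
    }

    /**
     * Binds constructed "request parameters" to a Specimen and returns the field names
     * the binder refused to set. With the denylist the class.* name is suppressed;
     * without it, the binder tries to bind it (and records a binding error, since
     * Class.name has no setter) instead of rejecting it up front.
     */
    static String[] bindAndGetSuppressedFields(boolean withDenylist) {
        Specimen target = new Specimen();
        DataBinder binder = new DataBinder(target, "specimen");
        if (withDenylist) {
            binder.setDisallowedFields(CLASS_PROPERTY_PATTERNS);
        }
        // Constructed input: one legitimate field and one that walks into the class property.
        MutablePropertyValues params = new MutablePropertyValues();
        params.add("label", "SPEC-001");
        params.add("class.name", "java.lang.Object");
        binder.bind(params);
        return binder.getBindingResult().getSuppressedFields();
    }

    public static void main(String[] args) {
        System.out.println("without denylist, suppressed: "
                + Arrays.toString(bindAndGetSuppressedFields(false)));
        System.out.println("with denylist, suppressed:    "
                + Arrays.toString(bindAndGetSuppressedFields(true)));
    }
}
```

With the denylist in place, getSuppressedFields() reports class.name and the legitimate label field is still bound. The advice above is only a belt-and-braces measure: Spring 5.3.18 and 5.2.20 also restrict the class property at the framework level, so upgrading Spring remains the primary fix and the denylist guards deployments that cannot upgrade immediately.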