Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Integration Zip 1.0.4 & CVE-2021-22114
Dear Spring community,
On behalf of the team and everyone who contributed, it is my pleasure to announce 1.0.4.RELEASE version for Spring Integration Zip extension.
CVE-2021-22114
The UnZipTransformer doesn’t cover all the cases for Zip Slip Vulnerability and some particular zip entry names may still end up outside of working directory.
The updated fix has been released in the spring-integration-zip-1.0.4.RELEASE version together with some other bug fixes and improvements. We also have published a new advisory for CVE-2021-22114.
Credit: Trung Pham, Viettel Cyber Security.
Everybody who’s using unzip feature from Spring Integration Zip is encouraged to upgrade respectively.
Cheers,
Artem
Project Page | GitHub Issues | Contributing | Help | Chat
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all