Upgrades for Spring Framework Have Stalled

The maintainers of the popular Spring Framework patched the critical remote code execution flaw (CVE-2022-22965) on March 31. Two weeks later, the majority of Spring downloads are still of vulnerable versions in which the flaw is unpatched, suggesting developers are in no rush to upgrade.
As…
Source: www.darkreading.com