Intelligent Voice has reviewed the “Spring4Shell” vulnerability in the Spring Framework (CVE-2022-22965) and related vulnerability in Spring Cloud Function (CVE-2022-22963) and confirmed that no Intelligent Voice software releases are affected by this vulnerability.
Additionally, Intelligent Voice is assessing its own hosted systems and those of its suppliers and partners to confirm that no Intelligent Voice service will be affected by this vulnerability.
There is no action required for any Intelligent Voice product.
Intelligent Voice continually assesses software dependencies for updates and security patches, and issues updates as required. In Intelligent Voice 5.2.4 the version of Spring Framework will be updated to the latest 5.3.18 in case further vulnerabilities are identified. Spring Cloud Function has never been part of any IV product.