Spring4Shell Vulnerabilities (CVE-2022-22963) and (CVE-2022-22965)

VMware announced a vulnerability (CVE-2022-22963) in their Spring Framework on March 29, 2022. The vulnerability is within the Spring Cloud function allowing remote code execution.

A further vulnerability (CVE-2022-22965) has also been identified on March 31, 2022. This vulnerability affects the Spring Framework RCE and Spring Boot data-binding, if running Java 9 or above.

SoftLanding's 5250 and Eclipse plug-in interfaces (including the TURNOVER® Client) are not affected by these vulnerabilities.

If you have deployed any of the SoftLanding web user interfaces, you should check the Java version that is being used. The vulnerability is only present in Java 9 and above.

SoftLanding recommends Java 8 for its web interfaces, which is unaffected by these vulnerabilities. If running a later Java version it is recommended that you downgrade to Java 8.

Apache Log4j vulnerability (CVE-2021-44228)

Apache published a critical vulnerability within the Apache log4j java library on December 6, 2021. This vulnerability allows an attacker who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

On December 17, 2021, Apache published a new log4j vulnerability (CVE-2021-45105).

We are pleased to state that no SoftLanding products are affected by either vulnerability.

SoftLanding is serious about providing excellent support. When you call us, you'll talk with a friendly, knowledgeable technical support professional who will focus on your question, not the clock. We give you the answers you need, when you need them.

This level of support applies before the sale as well as after. So while you're evaluating the SoftLanding range of products, don't forget to test our top-notch technical support crew! Your annual maintenance fee entitles you to all of the following services:

Unlimited phone and email support

You get unlimited core-hours technical support via phone and email. Core hours in the USA are 8am to 5pm eastern time, week days, excluding public holidays.  In the USA, emergency evening and weekend support is available.  In the UK, core hours are 9am to 5:30pm, week days, excluding public holidays.

To email the SoftLanding support team, please use for the USA, and for EMEA.

SoftLanding customer portal

You'll find a wealth of technical resources via the SoftLanding customer portal, including details on the newest releases, technical bulletins, and compatibility information. You can send a new request directly to our helpdesk and track the status of any of your existing support incidents.

Online documentation

Product documentation can be found on the SoftLanding public website or via the SoftLanding customer portal.

Release notes and cumulative PTFs

We produce regular updates to all of our products. You can get copies of recent release notes and download the latest software updates through our customer portal.

Online product authorization codes

As an approved registered user of the SoftLanding customer portal, you can obtain up to two emergency product authorization codes a year, per system/logical partition configuration. Please contact your local SoftLanding technical support team for more details.