CVE-2022-22965, a zero-day RCE vulnerability published on March 31st, 2022, has triggered widespread concern that we are facing a second Log4j-style crisis.
Here’s why: Spring4Shell is a critical vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Fast action on detection and remediation is vital. We can help.
Keeping dependencies up-to-date enables you to remediate vulnerabilities like Spring4Shell in minutes instead of days.
Mend Renovate automates dependency management. It works by detecting your dependencies, checking whether an update exists, and creating update pull requests for you, with all the information you need to make your update decision easy.
This is the tool for those of you using GitHub.
Mend Spring4Shell Detect is a free command-line interface tool that quickly scans projects to find vulnerabilities associated with two different CVEs:
It provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.
This is the tool for those of you not using GitHub.
Mend, formerly known as Mend, effortlessly secures what developers create. Mend uniquely removes the burden of application security, allowing development teams to deliver quality, secure code, faster. With a proven track record of successfully meeting complex and large-scale application security needs, the world’s most demanding software developers rely on Mend. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open source automated dependency update project. For more information, visit www.mend.io, the Mend blog, and Mend on LinkedIn and Twitter.