CVE-2022-22965, a zero-day RCE vulnerability published on March 31st, 2022, has triggered widespread concern that we are facing a "Log4j 2.0".
Here’s why: Spring4Shell is a critical vulnerability in Spring, one of the most popular open-source frameworks for Java applications in use today. Fast action on detection and remediation is vital. We can help.
Keeping dependencies up to date enables you to remediate vulnerabilities like Spring4Shell in minutes instead of days.
Mend Renovate automates dependency management. It works by detecting your dependencies, checking whether an update exists, and creating update pull requests for you, with all the information you need to make your update decision easy.
This is the tool for those of you using GitHub.
Mend Spring4Shell Detect is a free command-line interface tool that quickly scans projects to find vulnerabilities associated with two different CVEs:
It provides the exact path to direct and indirect dependencies, along with the fixed version for speedy remediation.
This is the tool for those of you not using GitHub.