RealObjects is actively responding to the reported remote code execution vulnerability CVE-2022-22965 in the Spring Framework Java library, also known as “Spring4Shell” (https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/). We are investigating and analyzing whether and how our products and services may be impacted by this vulnerability.
As of now, we have identified that part of our products (PDFreactor Web Service) might be affected by this vulnerability. The vulnerability is mitigated in the PDFreactor 11.4.6 release (released on 2022-04-01), which contains updated Spring Framework dependencies that are no longer affected.
For PDFreactor 10.2, we recommend updating to Spring Framework 5.2.20.
For PDFreactor versions below 10.2, we recommend updating to the latest major version, or at least to PDFreactor 10.2, and then replacing the affected Spring Framework libraries as mentioned above.