
You can find the official announcement here: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
We like to share the current state of our analysis with you.
The essential requirement for exploiting the vulnerability is a JDK9. We are still running JDK8 on all PTV xServer API versions.
Thus, the PTV xServer is not affected by CVE-2022-22965 (according to the current status).
Thus, the PTV xServer is not affected by CVE-2022-22965 (according to the current status).
