European Commission Digital

eDelivery sample software affected by Remote Code Execution vulnerability reported in Spring Framework

...

Update 04/04/2022

Patches for all product lines that are under active support are now available:

Original announcement

A vulnerability allowing Remote Code Execution was reported by the Spring Framework project on 31 March 2022. Please refer to the early announcement for details.

...

SMP, BDMSL and older versions of Domibus are not affected as they do not support JDK 9 or higher, but they do use the vulnerable libraries. Note also that the announcement indicates that “there may be other ways to exploit [the vulnerability] that have not been reported yet.”

The eDelivery team is working to patch all concerned product lines that are under active support immediately. The patched versions will be released as follows:

...

We strongly recommend that all users upgrade to the latest versions as soon as they are available, regardless of the configuration they use.

The eDelivery Building Block

eDelivery is a building block that provides technical specifications and standards, installable software and ancillary services to allow projects to create a network of nodes for secure digital data exchange.

Domibus is the sample software provided by the European Commission to implement an eDelivery AS4 Access Point for the interoperable, secure and reliable exchange of data. It is based on the eDelivery AS4 profile, an open technical specification for the secure, web-based, payload-agnostic exchange of data or documents.

SMP is the sample software provided by the European Commission to implement an eDelivery Service Metadata Publisher (SMP) for publishing and retrieving data necessary for an eDelivery party to dynamically configure its system for message exchange with counterparties using eDelivery. It is based on the eDelivery SMP profile, an open technical specification for publishing service metadata within a 4-corner network.

BDMSL is the sample software provided by the European Commission to implement an eDelivery Service Metadata Locator (SML) for an eDelivery party to discover the URLs of other counterparties using eDelivery Access Points and their corresponding metadata. It is based on the eDelivery BDXL profile, an open technical specification for locating Access Points within a network.
