Spring4Shell vulnerability
Question / Problem
On 03/31/2022 a vulnerability in the Java Spring framework has been found and published, known as Spring4Shell. Is your application affected by this vulnerability and needs to be patched?
Answer / Solution
None of our applications depend on Java Spring or any other Java library and are thus not affected by this vulnerability.
All of our products are being developed in Delphi or C#. Although we use Spring4D(elphi) with some of the components, they are safe to use, because the reported vulnerability applies to Java Spring framework only.
This applies to all versions and editions of our applications (TreeSize, SpaceObServer, SpaceObServer WebAccess, HeavyLoad, SmartPOP2Exchange, Exchange Server Toolbox, SpamAssassin in a Box, SpamAssassin for Windows, SmartCallMonitor, SEPA-Transfer, ServerSentinel, and ShellBrowser). It is recommended to always use the latest available versions though to benefit from the latest patches, improvements, and features.