Windward Studios is actively responding to the reported remote code execution vulnerabilities in the Spring Framework Java libraries dubbed Spring4Shell "CVE-2022-22963" and "CVE-2022-22965".
We have determined that the only Windward product possibly affected by these vulnerabilities is the Windward JAVA RESTful engine since no other product references the Spring Framework. Through verification steps we have determined that NO version of the Windward JAVA RESTful engines is affected by either of these vulnerabilities.
CVE-2022-22963: The JAVA RESTful engine does not reference the affected Spring Cloud Function library and therefore does not have the vulnerability. This was also verified by attempting to exploit the vulnerability with no effect.
CVE-2022-22965: The JAVA RESTful engine uses JDK 8 while the vulnerability affects JDK 9+. This was also verified by attempting to exploit the vulnerability with no effect.