Spring Framework RCE vulnerability (Spring4Shell / CVE-2022-22965)
Incident Report for Ymonitor
Postmortem

Security fix applied

Today we received a security fix from spring.io for the earlier mentioned spring4shell vulnerability.

We applied this security fix to our 3 impacted Ymonitor sub-systems, tested it, and deployed it to our production environment today at 17h00 CEST. This vulnerability is hereby fixed for Ymonitor.

We want to mention again that Ymonitor sentinel clients are not affected by this vulnerability!

Kind regards,

Sentia Support

Posted Apr 01, 2022 - 17:14 CEST

Resolved
Dear Customers,

On the evening of March 30th, 2022, Sentia learned about the Spring Framework-related RCE vulnerability (CVE-2022-22965), so-called "Spring4Shell". We are investigating the risk of this vulnerability on Sentia environments and we are taking actions to eliminate or mitigate this risk. Sentia takes this very seriously and is working hard to keep it on track, taking into account a good balance between continuity and security.

At this moment,
1. We think that some Ymonitor sub-systems might be affected.
2. We know for sure that Ymonitor sentinel clients are not affected.

We are following the updates by Spring.io. We will soon apply the fixes that they suggest and keep you posted with the news. Thank you for your patience.

If you have any further questions on this subject you can submit them via the regular channels.

Kind regards,
Sentia Support
Posted Mar 31, 2022 - 16:46 CEST
This incident affected: Ymonitor Dashboards, ymonitor.nl, API, Measurement Data Storage, Alerting, and YGate API.