Welcome to Knowage Q&A, where you can ask questions and receive answers from other members of the community.

Categories

Most popular tags

cockpit dataset error chart datasource installer datasets installation widget parameters business-model olap knowage knowage_7_1 integration login knowage_7_1-ce report-designer cross-navigation analyticaldriver

Spring Vulnerability

0 votes
1 view

Hi,

I notice that we're using Spring software in Knowage. E.g. in the jasperreports area. There is an announcent by Spring that there is a new vulnerability.

https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement

I'm using java version 1.8.0_181. As far as I can see, from the information that is available, we're not in trouble.

1) Could you please confirm this?

2) Is the latest version using a spring version that is also safe in Java 9?

3) Is Java 9 needed for the latest version or can we stick to the version above?

Best regards and thanks in advance,
Freek

Environment Knowage 7
in Standard by (290 points)

1 Answer

0 votes
Dear @freek

JDK 1.8 is the only certified Java version for Knowage, even for the latest release 8.0 and the new incoming release 8.1. Do not upgrade to JDK 9 or newer versions.

I confirm JDK 8 is safe. Anyhow, we will upgrade spring version asap.

Cheers

Davide
by (1.9k points)
Thank you Davide.
by (290 points)
Powered by Question2Answer
...