Wicked Good Development is dedicated to the future of open source. This space is to learn about the latest in the developer community and talk shop with open source software innovators and experts in the industry.
Did Spring4Shell set the internet on fire again? Not so fast. In a special episode of Wicked Good Development we dissect the zero-day RCE vulnerability in the Spring Framework dubbed Spring4Shell or Springshell. From comparisons to Log4j to how to remediate it and which versions are vulnerable, the experts on today’s show break down what we know so far about this new vulnerability. And most importantly, how to determine if you’re affected.
You can stay up to date on all things Spring4Shell on our resource center.
Listen to the Episode
Wicked Good Development is available wherever you find your podcasts. Visit our page on Spotify’s anchor.fm
Show notes
Guests
- Ax Sharma, Sr. Security Researcher, Sonatype
- Steve Poole, Developer Advocate, Sonatype
- Juan Aguirre, Security Researcher, Sonatype
Hosts
Topics Discussed
Spring4Shell, Java, JDK9, Log4j, Open Source vulnerabilities
References
- Spring blog post around the RCE vulnerability – https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
- Sonatype’s blog post around Spring4Shell – https://blog.sonatype.com/why-namespacing-matters-in-public-open-source-repositories
Transcription
Kadi Grigg: [00:00:01] Hi, my name is Kadi Grigg. Coming to you live from Sonatype today, we’re here for a conversation with senior security researcher, Ax Sharma, another security researcher, Juan Aguirre and we have Developer Advocate Steve Poole. Thank you all so much for joining today. Before we dive in, I know the topic of conversation we’ll all be discussing today is the SpringShell. So before we get into it, Ax, do you want to give us a high level overview currently where we’re at? Why has my Twitter feed been blowing up for the past 48 hours