Skip to main content

Hi Community!

Based on current feedback from a customer of mine, they had scanned their network for security risks and found the following information

 

 

The VMware Spring Framework version on the remote host has reached the end of life., , CPE: cpe: /a: vmware: spring_framework: 3.2.18, Installed version: 3.2.18, Location/URL: C: \Program Files\IFS\DeveloperStudio22.120\java\modules\ext\spring-3.0\spring-core-3.2.18.RELEASE.jar, EOL version: 3.2, EOL date: 2016-12-31,

 

As Customer informed me, the open JDK version is no longer supported and it does not seem to be updated regularly.

 

There are only two ways to handle this, from my perspective.

  1. Update the OpenJDK
  2. Live with it

 

Any experience or additional information you might be able to provide?

Thanks a lot,

TT

hi @Technical Toby 

 

Sorry for the late reply.

Developer studio tool is built on top of Apache NetBeans IDE by using set of plugins. The existing tool is based on NetBeans 12.

We have recently updated the Developer Studio tool into Apache NetBeans 18 version but it is not yet released to external users. Latest tool will get released to external users in by end of March.

 

Even in latest NetBeans, Apache uses the same Sprint library versions as before (spring-3.0\spring-core-3.2.18). They have not upgraded the libraries as they have a direct dependency with the NB IDE. Actually we have noticed these expired libraries before and we check with NetBeans. As we heard they will not update the libraries immediately, but they confirmed that these libraries are not  vulnerable and not exploitable either even they have reached EOL, so we can use then without any issue. Since Developer studio is based on NetBeans we need to wait until they update the libraries.  

 

We already updated the OpenJDK version in the new tool, but still we do have spring-3.0\spring-core-3.2.18 dependency.  According to NetBeans we can live with this without any issue.

 

Please refer to my previous post for more info : 

 

Thanks

Harshini


Reply