CVE-2022-22965 or Spring4Shell is a vulnerability found in the Spring Framework running on Java Development Kit 9, allowing for potential data leaks and remote code execution in vulnerable applications. Spring is an open source lightweight Java platform development framework used to create high-quality, easily testable code and is currently owned by VMWare.
Products Confirmed As Not Impacted
Third Party Software
Products Confirmed As Patched
Trifacta – Patch applied
Trifacta Cloud – Patch applied
Hyper Anna – Patch applied
Hyper Anna Cloud – Patch applied
While both products were found to be unaffected, we have applied suggested patches from Spring.
All versions of Connect have vulnerable dependencies and we recommend updating the Apache Tomcat Server included in the install. Step by step instructions for accomplishing this are available here. If you require further assistance, please contact Customer Support.
Alteryx will also be providing fixed versions of Connect for currently supported versions as they become available. The current supported versions of Connect are: