spring-data-dynamodb - Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Open nanandmca opened this issue 2 years ago • 2 comments

Expected Behavior

New version of Spring Framework which has the fix for CVE-2022-22965:

  • Spring Boot compatibility for 2.5.12
  • Spring Framework for 5.3.18

Actual Behavior

Not supporting new version of Spring Boot and Spring Framework

Steps to Reproduce the Problem

  1. Change the version of Spring Boot to 2.5.12
  2. Change the version of Spring Framework to 5.3.18

Specifications

  • Spring Data DynamoDB Version:
  • Spring Data Version:
  • AWS SDK Version:
  • Java Version:
  • Platform Details:

All of this information is logged by org.socialsignin.spring.data.dynamodb.repository.support.DynamoDBRepositoryFactory at INFO level on startup. Alternatively, use java -version and mvn dependency:tree | grep -E 'spring|aws' to provide those version numbers.

nanandmca avatar Apr 02 '22 00:04 nanandmca

ReflectionEntityInformation is deprecated in the new Spring version. Below is the compilation error:

[ERROR] /C:/MyFiles/MyWork/build-issue/spring-data-dynamodb/src/main/java/org/socialsignin/spring/data/dynamodb/repository/support/DynamoDBIdIsHashAndRangeKeyEntityInformationImpl.java:[21,56] cannot find symbol
[ERROR] symbol: class ReflectionEntityInformation
[ERROR] location: package org.springframework.data.repository.core.support
[ERROR] /C:/MyFiles/MyWork/build-issue/spring-data-dynamodb/src/main/java/org/socialsignin/spring/data/dynamodb/repository/support/DynamoDBIdIsHashAndRangeKeyEntityInformationImpl.java:[37,78] cannot find symbol
[ERROR] symbol: class ReflectionEntityInformation
[ERROR] /C:/MyFiles/MyWork/build-issue/spring-data-dynamodb/src/main/java/org/socialsignin/spring/data/dynamodb/repository/support/SimpleDynamoDBCrudRepository.java:[47,8] org.socialsignin.spring.data.dynamodb.repository.support.SimpleDynamoDBCrudRepository is not abstract and does not override abstract method deleteAllById(java.lang.Iterable<? extends ID>) in org.springframework.data.repository.CrudRepository
[ERROR] /C:/MyFiles/MyWork/build-issue/spring-data-dynamodb/src/main/java/org/socialsignin/spring/data/dynamodb/repository/support/SimpleDynamoDBPagingAndSortingRepository.java:[56,8] org.socialsignin.spring.data.dynamodb.repository.support.SimpleDynamoDBPagingAndSortingRepository is not abstract and does not override abstract method deleteAllById(java.lang.Iterable<? extends ID>) in org.springframework.data.repository.CrudRepository
[ERROR] /C:/MyFiles/MyWork/build-issue/spring-data-dynamodb/src/main/java/org/socialsignin/spring/data/dynamodb/repository/support/DynamoDBIdIsHashAndRangeKeyEntityInformationImpl.java:[37,8] org.socialsignin.spring.data.dynamodb.repository.support.DynamoDBIdIsHashAndRangeKeyEntityInformationImpl is not abstract and does not override abstract method getJavaType() in org.springframework.data.repository.core.EntityMetadata
[ERROR] -> [Help 1]

nanandmca avatar Apr 02 '22 01:04 nanandmca

https://github.com/derjust/spring-data-dynamodb/issues/267

Here another repo handles this issue

api group: 'io.github.boostchicken', name: 'spring-data-dynamodb', version: '5.2.0-SNAPSHOT'

nanandmca avatar Apr 02 '22 04:04 nanandmca
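
The issue template suggests mvn dependency:tree to collect version numbers; the script below is an added example (not code from this thread or from the project) that reads that output and flags Spring artifacts below the versions named in the issue. It assumes the standard group:artifact:type:version:scope coordinate format, compares only against 5.3.18 and 2.5.12 (other release lines are not considered), and the names flag_old_spring and sample_tree are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. Thresholds are the versions named in the issue.
FRAMEWORK_MIN="5.3.18"   # Spring Framework version the issue asks for
BOOT_MIN="2.5.12"        # Spring Boot version the issue asks for

# Reads `mvn dependency:tree` output on stdin and prints one line for each
# org.springframework / org.springframework.boot artifact below its threshold.
flag_old_spring() {
  awk -v fw="$FRAMEWORK_MIN" -v boot="$BOOT_MIN" '
    # True when dotted version a is numerically lower than b.
    function older(a, b,    x, y, n, m, i) {
      sub(/[^0-9.].*$/, "", a)          # drop qualifiers: -SNAPSHOT, .RELEASE
      n = split(a, x, "."); m = split(b, y, ".")
      for (i = 1; i <= (n > m ? n : m); i++) {
        if (x[i] + 0 < y[i] + 0) return 1
        if (x[i] + 0 > y[i] + 0) return 0
      }
      return 0
    }
    {
      for (f = 1; f <= NF; f++) {
        n = split($f, p, ":")
        if (n < 4) continue
        # group:artifact:type[:classifier]:version:scope; the root line has no scope
        ver = (n == 4) ? p[4] : p[n - 1]
        min = ""
        if (p[1] == "org.springframework") min = fw
        else if (p[1] == "org.springframework.boot") min = boot
        # Other groups (such as org.springframework.data) version independently.
        if (min != "" && older(ver, min)) print p[1] ":" p[2], ver, "<", min
      }
    }'
}

# Constructed sample of dependency:tree output, for illustration only.
sample_tree() {
  cat <<'EOF'
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.5.11:compile
[INFO] |  \- org.springframework:spring-beans:jar:5.3.17:compile
[INFO] +- org.springframework:spring-core:jar:5.3.18:compile
[INFO] +- org.springframework.data:spring-data-commons:jar:2.5.10:compile
EOF
}

sample_tree | flag_old_spring
```

In a real project, pipe the build's own output into the function: mvn dependency:tree | flag_old_spring.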