SolarWinds Database Performance Analyzer 2022.1.7779 Resolving Spring4Shell Vulnerability Is Now Generally Available!

DPA Service Release 2022.1.7779 resolves the Spring4Shell vulnerability (CVE-2022-22965)

For the protection of your environment, SolarWinds strongly recommends all customers upgrade to the latest available version of Database Performance Analyzer (DPA 2022.1.7779).

You can download the 2022.1.7779 Service Release of DPA from the SolarWinds® Customer Portal

SolarWinds has previously published a security advisory related to vulnerabilities from Spring software that is packaged within all prior releases of Database Performance Analyzer.

The Spring4Shell vulnerability is a third-party vulnerability in the Spring Framework, which is a popular framework used by Java developers to build modern applications. The Spring Framework is owned by VMware.

DPA 2022.1.7779 replaces all Spring Framework files affected by the Spring4Shell vulnerability (CVE-2022-22965).

Please see more information about this vulnerability and our investigation in:

For more details on the DPA 2022.1.7779 Service Release itself, please review the following:

Thwack - Symbolize TM, R, and C