Statement Regarding Lockpoint and CVE-2022-22965 (Spring4Shell) 2022-04-05

Date: April 5, 2022


The CVE-2022-22965 (Spring4Shell) vulnerability impacts a number of Java-based applications.

Cenote Lockpoint is not vulnerable to CVE-2022-22965.


Lockpoint does not use the Spring Framework, which is the component which contains the vulnerability.

This statement applies to all released versions of Lockpoint (1.x, 2.x).


If you have any questions, please contact Cenote Support.