Remedying the Spring MVC vulnerability
Recently, Spring announced a critical vulnerability with their MVC version running on Apache Tomcat. This is an application that uses Spring Framework for their Java-based technologies by many web-based applications and services, including PrinterOn services. When exploited, this vulnerability can allow hackers to enable remote code execution (RCE) via data binding. This vulnerability affects all CPS installations of PrinterOn.
To close this vulnerability, PrinterOn recommends that you install PrinterOn Enterprise version 4.3.9, and run the Spring MVC vulnerability patch.
Note: To upgrade from a version earlier than PrinterOn Enterprise version 4.3.9, you must first upgrade to version 4.3.9, then run this script. Please refer to the Release Notes for more information on the upgrade path.
PrinterOn strongly recommends applying this patch as soon as possible.