[As of April 20th, 2022]
We have tested with the recommended method to determine the vulnerability impact on Wowza Streaming Engine. At this time, we have determined that neither of the CVEs listed below impacts Wowza Streaming Engine. This is great news!
- CVE-2022-22963 (regarding Spring Cloud - not used by Wowza Streaming Engine)
As a best practice, we will be updating the vulnerable version of Spring Framework (5.2.7). This update will be included in the next Wowza Streaming Engine release (4.8.19) in Q2 2022.
In the meantime, we will continue to monitor updates to these CVEs and any related impacts to ensure that we are fully mitigating the known vulnerabilities.
There are no mitigation options available at this time.