We have released STS 4.16.1 for Eclipse and Spring VSCode extensions1.40.0 to address the following CVE report:
- CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode
Please review the information in the CVE report and upgrade immediately.
Eclipse: STS upgrade to 4.16.1
VSCode: Spring Boot Tools upgrade to 1.40.0
VSCode: Concourse CI Pipeline Editor upgrade to 1.40.0
VSCode: Bosh Editor upgrade to 1.40.0
VSCode: Cloudfoundry Manifest YML Support upgrade to 1.40.0
See Spring Tools page to find the latest releases