Identified - Thank you for your patience as we thoroughly assessed this potential threat. We have tested with the recommended method to determine the vulnerability impact on Wowza Streaming Engine and Streaming Cloud.
At this time, we have determined that neither of the CVEs listed below impacts Wowza Streaming Engine or Streaming Cloud. This is great news!
CVE-2022-22963
CVE-2022-22965
However, as a best practice, we will be updating the vulnerable version of Spring Framework (5.2.7). We are assessing the timeline to make this available to you as we know it is likely that future pen-tests will flag this version of Spring Framework, even though Wowza has determined it is not impacting Wowza Streaming Engine.
At this time we are working on a mitigation option to bridge the time until we can include the updated files in our next scheduled release.
Once we have determined the timeline to deliver this update, we will provide the update to you in this incident alert.