Product Release Advisory - VMware Tanzu GemFire 10.1.4

VMware Tanzu Data Intelligence

3 more products

36090

04 September 2025

04 September 2025

CLOSED

HIGH

Product Release Advisory

Advisory ID:

TNZ-2025-0096

Severity:

High

Issue Date:

2025-09-04

Updated on:

2025-09-04

Synopsis

Bumped multiple dependencies, which resulted in at least 11 CVEs remediated in this release

 

Product Version Release Advisory

Security Fixes

This release has the following security fixes, listed by component and area.

Component

Vulnerabilities Resolved

JSON-Smart

BDSA-2025-0966 (medium)

Apache Commons Lang

BDSA-2025-6881 (medium)

Apache Commons FileUpload

BDSA-2025-5248 (medium)

Spring Security

BDSA-2025-2271 (medium)

Spring Boot

BDSA-2025-3548 (medium)

BDSA-2024-5686 (medium)

Apache Commons BeanUtils

CVE-2025-48734 (high)

Spring

CVE-2025-22233 (medium)

Netty

CVE-2025-24970 (medium)

CVE-2025-25193 (medium)

BDSA-2025-8614 (medium)

 

History

2025-09-04 Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security