Patch 2024.2.7 / CVE-2025-41234
The Spring project has published a Security Advisory concerning Spring Framework, an open-source library used by INFOMOTION Data Management Center.
Based on our analysis and the available information, the relevant vulnerability CVE-2025-41234 does not affect INFOMOTION Data Management Center since
our application does not prepare headers using org.springframework.http.ContentDisposition.
Nonetheless, we are publishing a Patch Release of Data Management Center with an updated & fixed version of Spring Framework.
Dependency Upgrades
- Upgrade to Spring Framework from 6.2.5 to 6.2.8 to avoid potential issues with CVE-2025-41234
(since 2024.2.6)
Docker-Image: infomotiondmc.azurecr.io/dmc:2024.2.7