Patch 2025.1.3 / CVE-2025-41249
CVE-2025-41242
A vulnerability in the Spring Framework CVE-2025-41249 has been reported. The INFOMOTION Data Management Center (DMC) includes the Spring Framework as part of its package.
Based on our analysis and existing automated tests of authorization procedures, we do not believe Data Management Center to be impacted by the vulnerability.
Nonetheless, we are now releasing an updated version 2025.1.3 of Data Management Center that includes a patched version of the Spring Framework.
Dependency Upgrades
- Upgrade Spring Boot from
6.2.10to6.2.11.
Features
- Added ENV Parameter
DMC_TRIM_ALL_NON_PKSto trim all non-primary-key fields.
Bugfixes
- Ensured proper rollback of caches when
DeploymentSetimport fails due to exceptions. - Fixed incorrect validation in Trigger Form.
- Fixed incorrect validation in Task Form.
- Fixed translation error in Table-View.
- Resolved error in Admin-Task-View caused by invalid commands missing a
tableId. Added a tooltip to indicate when a command is invalid and will not be scheduled. - Improved error message for
Objects not found: COMMAND #-2147483648when deleting a command referenced by a task. - Editing is now possible when domain values are invalid; outdated entries (not part of the list of values) are shown with a warning.
- Fixed issue where entries could not be deleted if a primary key field was set to
null. - Scheduled commands that fail due to a missing command are now automatically unscheduled.
(since 2025.1.2)
Container Image: infomotiondmc.azurecr.io/dmc@sha256:bd1d896e0ff996c19ebcb9bb197db5905b213eb4636721921e15fc4ca7b6d202 WAR File : https://dmcwiki.blob.core.windows.net/dmc-releases/2025.1.3/dmc.war (sha256: 2246bdebba17989ad468f89433f4bb5fe21e09a8973273f923ac00e8623c2d4c)