Blog

Cybersecurity Notice on ECG Software Alpaca regarding Spring - ECG

Written by ECG Team | Mar 31, 2022 4:00:00 AM

Updated 2022-05-04: Noting Alpaca 9.1.4 release

 


ECG has reviewed the cybersecurity vulnerability CVE-2022-22965 in Spring, announced March 31, 2022 as it relates to the Alpaca software. All versions of Alpaca are not vulnerable, based on the information given in the announcement. 

Alpaca 9.1.4 was released May 4, 2022 to resolve vulnerabilities due to CVE-2022-22947.

ECG continues to monitor for vulnerabilities, and will upgrade components in the Alpaca Software-Bill-of-Materials to ensure Alpaca is free of vulnerabilities.