The spring vulnerability which was found is not applicable to Exterro products, as a lower version of Java 1.8.232 (that is used by Exterro) is unaffected, and in addition Exterro utilises Fat Jar for deployments; not the affected WAR format. 


This vulnerability does not impact any Exterro products.