SSL configuration error jeopardizes VMware Tanzu Spring Cloud Gateway

A security update closes a vulnerability in the VMware Tanzu Spring Cloud Gateway API gateway.


Due to an error, certain SSL configurations in the VMware Tanzu Spring Cloud Gateway API gateway are not applied, and users are not made aware of this. A patch now resolves the issue.

In a warning message, the developers explain that errors can occur when configuring SSL bundles using spring.ssl.bundle. This leads to settings being ignored and the default SSL configuration being used instead.

If administrators make individual, security-relevant changes that are then not applied, this creates a security risk.
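One way to notice this kind of silent fallback is to compare what the configuration asks for with what the listener actually negotiates. The following is an added example, not code from the developers or the advisory: it assumes the ignored setting is a protocol restriction (`options.enabled-protocols`) on the gateway's own TLS listener, and the bundle name `gw` and sample properties are constructed.

```python
import socket
import ssl
import sys

# Constructed sample of the intended configuration; the bundle name "gw" is hypothetical.
SAMPLE_PROPERTIES = """\
spring.ssl.bundle.jks.gw.keystore.location=classpath:gw.p12
spring.ssl.bundle.jks.gw.options.enabled-protocols=TLSv1.3
"""
VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}

def intended_protocols(properties_text):
    """Collect enabled-protocols values declared under spring.ssl.bundle.*.options."""
    wanted = set()
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        key = key.strip()
        if sep and key.startswith("spring.ssl.bundle.") and key.endswith(".options.enabled-protocols"):
            wanted.update(v.strip() for v in value.split(",") if v.strip())
    return wanted

def accepted_protocols(host, port, timeout=5.0):
    """Attempt one handshake per TLS version and return the versions the listener accepts."""
    accepted = set()
    for name, version in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # only protocol support is probed, not trust
        ctx.minimum_version = version
        ctx.maximum_version = version
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host):
                    accepted.add(name)
            except (ssl.SSLError, OSError):
                pass  # handshake refused for this version
    return accepted

def drift(wanted, accepted):
    """Return (unexpected, missing): versions served but not configured, and the reverse."""
    if not wanted:
        return set(), set()  # no restriction configured, nothing to compare
    return accepted - wanted, (wanted & set(VERSIONS)) - accepted

if __name__ == "__main__":
    # usage: python check.py <host> <port> <application.properties>
    with open(sys.argv[3], encoding="utf-8") as fh:
        wanted = intended_protocols(fh.read())
    unexpected, missing = drift(wanted, accepted_protocols(sys.argv[1], int(sys.argv[2])))
    print("unexpected:", sorted(unexpected), "missing:", sorted(missing))
    sys.exit(1 if unexpected or missing else 0)
```

A non-empty "unexpected" set means the listener accepts a protocol version the bundle was meant to exclude, which is the symptom to expect when the bundle options are ignored and defaults apply.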

The developers state that they have closed the vulnerability (CVE-2026-22750, “high”) in Spring Cloud Gateway 4.2.1 (Enterprise Support Only). So far, there are no indications of attacks.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.