MicroStrategy April Security Update

Here at MicroStrategy, security is our top priority. Our team continuously works to deliver the most secure and stable platform for our customers. With a continued focus on this mission, today we are releasing a security update on top of the March release that launched two weeks ago.

This update, MicroStrategy 2021 Update 5.1, provides remediation for a remote execution vulnerability (CVE-2022–22965), also referred to as “Spring4Shell”, reported on March 31st, 2022. This vulnerability affects the Java Spring Framework, used by many modern web applications, and has created disruptions across the industry. As we actively tracked this vulnerability, we outlined recommended actions in this KB article on the MicroStrategy Community and kept our customers informed through our social channels.

We have now upgraded Spring Framework libraries to 5.3.18 across the product suite, providing an official and comprehensive fix for the vulnerability found within the Spring Framework. You can download this release from the MicroStrategy Resource Center, or access MicroStrategy on AWS or Azure via the MicroStrategy Cloud Console, with one-click security updates ready to go.

The upgrade will not only ensure you have the latest in security, but also in all things MicroStrategy. We highly recommend all customers upgrade to the latest release.

As always, we thank you for the continued partnership in propelling innovation forward. Stay tuned for new features and updates rolling out, starting with the April release later this month.

Regards,

Tim Lang
MicroStrategy CTO