Updated 2022-05-04: Noting Alpaca 9.1.4 release
ECG has reviewed the cybersecurity vulnerability CVE-2022-22965 in Spring, announced March 31, 2022 as it relates to the Alpaca software. All versions of Alpaca are not vulnerable, based on the information given in the announcement.
Alpaca 9.1.4 was released May 4, 2022 to resolve vulnerabilities due to CVE-2022-22947.
ECG continues to monitor for vulnerabilities, and will upgrade components in the Alpaca Software-Bill-of-Materials to ensure Alpaca is free of vulnerabilities.