This story was first published on 31 March 2022 and Updated on 5 April 2022
Update 26 April 2022
There has been a steady increase in the number of active attacks against this and related vulnerabilities:
Hackers hammer SpringShell vulnerability in attempt to install cryptominers | Ars Technica
This is a complicated one – but the versions of Java complicated! Here is an article explaining the Spring Cloud framework issues and the versions by Johannes at SANS Internet Storm.
Java Springtime Confusion: What Vulnerability are We Talking About – SANS Internet Storm Centre
VMWare develops the Spring Framework:
Microsoft has issued advice here:
Further Reading
Spring4Shell in the wild executing the Mirai botnet – Smart Thinking Solutions