As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Spring4Shell Risk Mitigation

ThreadFix Spring4Shell Vulnerability Response

The National Vulnerability Database has identified a high risk exploit, Spring4Shell, which affects applications running Tomcat as a WAR deployment. For more information refer to CVE-2022-22965. In response Coalfire has tested ThreadFix to assess risk and mitigation options. Users should update their version of Tomcat to the latest version in addition to upgrading to ThreadFix version 2.8.6 which further mitigates risk of exposure and provides an additional security enhancement. At a minimum, ThreadFix recommends all users update their version of Tomcat to version 8.5.78 to safeguard against exposure.

Tomcat Update and Migration Guides


April 2022 Update

ThreadFix version 2.8.6 addresses the Spring4Shell vulnerability, note the download file and release notes below:


If you have any questions or concerns please reach out to our support team at |
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.