Question is does it have impact?
In New Spring4Shell Zero-Day Vulnerability Confirmed: What it is and how to be prepared article there is a link made to spring-core.
So version 14.7.5 goes to spring-core 5.3.15, using Java 8 and tomcat 9. And if you’re not using DataBind without allowlist or denylist I presume to be safe for now. Is that correct?
Kind regards,
Kitty.