Major news carriers have been reporting on the Spring Framework DoS Vulnerability in Java applications that utilize Spring.
The OME team in Dundee as well as Glencoe Software have evaluated the libraries used by OMERO.server, OMERO.insight as well as the OMERO micro-services. We can say with confidence that OMERO and OMERO Plus are not vulnerable as they do not handle file uploads via data binding to MultipartFile or Servlet Part.
OME and Glencoe will continue to monitor and evaluate the exposure of our various software libraries to these and any other vulnerabilities.
© 2005-2025 University of Dundee & Open Microscopy Environment. Creative Commons Attribution 4.0 International License
OME source code is available under the GNU General public license or more permissive open source licenses, or through commercial license from Glencoe Software Inc.
OME, Bio-Formats, OMERO, IDR and their associated logos are trademarks of Glencoe Software Inc., which holds these marks to protect them on behalf of the OME community.
[ Site Map ]
Version: 2025.09.19