Alert: DocuSign update on Spring4Shell vulnerability

DocuSign has been monitoring its infrastructure and product environments for potential impact from the Spring4Shell vulnerability (CVE-2022-22965) since it became public on March 29. Our dedicated security vulnerability management team is actively investigating affected components, monitoring for affected configurations, and remediating and mitigating impact. 

The information regarding this vulnerability is still developing and the attack vectors are continuing to evolve. As such, we will continue to assess new information as it becomes available. Based on our current information:

PRODUCT STATUS
eSignature The DocuSign eSignature service is not affected.
CLM The DocuSign CLM service is not affected.
Insight The DocuSign Insight service is not affected.
Legacy LiveOak The DocuSign Legacy LiveOak service is not affected.
Rooms The DocuSign Rooms service is not affected.
Notary The DocuSign Notary service is not affected.

We recommend our customers visit the DocuSign Trust Center (https://www.docusign.com/trust) for any key updates we may share further on this matter.