Just a few months after the Log4j Java library was discovered to have a vulnerability (called Log4Shell) that not only affected many software products but also reportedly affected several critical OT devices; a new vulnerability affecting Java’s most popular framework Spring has been discovered.