All releases of TDS 5 prior to the March 31, 2022 TDS 5.4-SNAPSHOT release are vulnerable to the Spring Framework library Spring4Shell exploit [cve-2022-22965].
We are aware of active hacking attempts against Internet-based unpatched TDS servers, with one reported successful attempt in the community. Such attempts occurred as early as Wednesday March 30 before Spring officially announced the existence of the vulnerability.
If you haven't done so already, we strongly encourage 5.x users to upgrade to the latest snapshot immediately.[Read More]