There is a critical security vulnerability (CVE-2022-22965) in the Java Spring Framework used in PoolParty 8.1.5 and earlier versions.
PoolParty 8.1.6 – As suggested by the vendor, PoolParty 8.1.6 comes with Apache Tomcat 9.0.62. In Tomcat 9.0.62, specific class implementation was refactored in a way that provides adequate protection from the CVE exploitation. You can get PoolParty 8.1.6 from our download area.
To finally remediate the issue, we will upgrade the Java Spring Framework with the next major release of PoolParty.