Note: This page applies to SFTP Gateway version 2.x. Visit Here for documentation on version 3.x.
Based on our findings regarding the Spring4Shell CVE, we are not vulnerable to the RCE attack.
For an application to be vulnerable, it would have to match several conditions outlined in the Spring advisory.
One of these conditions is that it would have to use Apache Tomcat as a servlet container, which we don't use. The application would also have to be packaged as a traditional WAR which we also do not use, as our builds are packaged by JAR.
As always, you should have your own security team review the systems to verify you are not vulnerable.