Is the Spring4Shell vulnerability email from Shopify Partners legitimate?

Clodbuster · April 4, 2022, 8:27am

I received an email from “Shopify Partners partners@email.shopify.com” which advises me ;-

“On March 29th, we became aware of the Spring4Shell vulnerability through our proactive security monitoring, and immediately investigated any potential risk to our systems. This vulnerability affects the common programming libraries “Spring Framework and Spring Boot” and can be exploited to achieve remote code execution.”

It then asks me to upload a mitigation patch.

Is this a genuine email?? I have never had to upload an update or patch so I’m concerned it is fraudulent. All the links show “www.click.email.shopify.com”

I’ve never heard of Spring4Shell before either.

Thanks.

irene-vintage · April 4, 2022, 8:34am

Hi @Clodbuster it’s highly recommended that you contact Shopify support as soon as possible to clarify the mentioned email and problem. You can contact them via multiple options https://help.shopify.com/en in case it’s a fraudulent email, Shopify will have their ways to warn merchants. Hope this helps!

shikhas20 · April 6, 2022, 11:33am

Have you got any solution?
I am also getting the same mail from Shopify Partners.
My app is created in laravel framework. Is this affected in my app?

Topic		Replies	Views
[Urgent Action Required] Log4Shell Vulnerability Shopify Discussion troubleshooting	1	7	December 14, 2021
Spring4Shell Vulnerability question Store Design liquid , Setting-Up	1	62	April 25, 2022
Is Shopify affected by the log4j vulnerability? Technical Q&A	13	400	December 17, 2021
È una truffa/spam o no? Shopify Discussion troubleshooting	3	31	September 24, 2024
Weird email reporting a bug and asking for a reward Shopify Discussion shop-performance	4	65	August 8, 2023

Is the Spring4Shell vulnerability email from Shopify Partners legitimate?

Related topics