A set of high profile vulnerabilities, known as Spring4Shell, has been identified affecting the Java Spring Framework and related software components. Four CVEs (Common Vulnerabilities and Exposures) have been released so far, with potential for full remote code execution compromise. Customers using Java Spring and related software components should update to the latest versions by following official Spring project guidance. The Cloudflare WAF team has deployed new managed mitigation rules to protect against these vulnerabilities.