Index: lams_common/src/java/org/lamsfoundation/lams/commonContext.xml
===================================================================
diff -u -r92525f17be9db4e57a8551ff92d004f319fb4b73 -r5540073d41b09023132de765ea353e297a50e524
--- lams_common/src/java/org/lamsfoundation/lams/commonContext.xml (.../commonContext.xml) (revision 92525f17be9db4e57a8551ff92d004f319fb4b73)
+++ lams_common/src/java/org/lamsfoundation/lams/commonContext.xml (.../commonContext.xml) (revision 5540073d41b09023132de765ea353e297a50e524)
@@ -8,6 +8,10 @@
+
+
+
+
Index: lams_common/src/java/org/lamsfoundation/lams/web/filter/LamsAnnotationMethodHandlerAdapter.java
===================================================================
diff -u
--- lams_common/src/java/org/lamsfoundation/lams/web/filter/LamsAnnotationMethodHandlerAdapter.java (revision 0)
+++ lams_common/src/java/org/lamsfoundation/lams/web/filter/LamsAnnotationMethodHandlerAdapter.java (revision 5540073d41b09023132de765ea353e297a50e524)
@@ -0,0 +1,29 @@
+package org.lamsfoundation.lams.web.filter;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.web.bind.ServletRequestDataBinder;
+import org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter;
+
+/**
+ * Addresses Spring vulnerability CVE-2022-22965
+ * https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement
+ */
+public class LamsAnnotationMethodHandlerAdapter extends AnnotationMethodHandlerAdapter {
+
+ @Override
+ protected ServletRequestDataBinder createBinder(HttpServletRequest request, Object target, String objectName)
+ throws Exception {
+ ServletRequestDataBinder binder = super.createBinder(request, target, objectName);
+ String[] fields = binder.getDisallowedFields();
+ List fieldList = new ArrayList<>(fields != null ? Arrays.asList(fields) : Collections.emptyList());
+ fieldList.addAll(Arrays.asList("class.*", "Class.*", "*.class.*", "*.Class.*"));
+ binder.setDisallowedFields(fieldList.toArray(new String[] {}));
+ return binder;
+ }
+}
\ No newline at end of file
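Review bot: The disallowed-field list that createBinder installs can be silently undone by any controller whose @InitBinder method calls binder.setDisallowedFields(...) itself, because that setter replaces the whole array rather than appending to it and, as far as I recall, the adapter runs @InitBinder methods after this hook returns; the new code merges correctly, but nothing stops a controller from clobbering it. Worth auditing the controllers for such calls and stating the constraint in the class Javadoc, e.g. `* Controllers must not call setDisallowedFields() in @InitBinder: it replaces this list. Merge with getDisallowedFields() instead.` The same Javadoc should say that this is the workaround from the linked announcement for Spring lines that cannot be moved to a fixed release, and that it only takes effect when this adapter is the one the context registers in place of the default AnnotationMethodHandlerAdapter (the commonContext.xml hunk presumably does that, but its content is not visible here). Minor: `List fieldList` is a raw type (possibly generics lost in extraction) — `List<String> fieldList = new ArrayList<>(...)` and `new String[0]` in place of `new String[] {}`.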