Engineering
Releases
News and Events

CVE-2018-1275: address partial fix for CVE-2018-1270

CVE-2018-1270 was reported last week, and unfortunately, was not fully addressed in the 4.3.x branch of the Spring Framework.

A follow-up 4.3.16 version was created and released to Maven Central, and a new CVE-2018-1275 report was published. Please upgrade to 4.3.16 immediately!

Spring Boot 1.5.x Instructions: if impacted by this issue, please upgrade to Spring Boot 1.5.12.

comments powered by Disqus