VMware offers training and certification to turbo-charge your progress.Learn more
Spring Security 3.2.2 (change log) and 3.1.6 (change log) have been released and are available in Maven Central.
Among the highlights, these two releases resolve CVE-2014-0097 which allows a malicious user to impersonate a user with an empty password if ALL of the following hold true:
NOTE: This does NOT impact users of LdapAuthenticationProvider or
For full details on the releases, please refer to the previously mentioned change logs.