Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreCVE-2016-5007 Spring Security / MVC Path Matching Inconsistency
Spring Framework 4.3.1 and Spring Security 4.1.1 provide fixes for CVE-2016-5007 "Spring Security / MVC Path Matching Inconsistency".
Applications using Spring Security and Spring MVC should upgrade to Spring Security 4.1.1+ and Spring Framework 4.3.1+ and use the MvcRequestMatcher.
Additional details and further mitigations can be found in CVE-2016-5007.
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all