CVE-2017-4995: Spring Security 4.2.3 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 4.2.3 which fixes CVE-2017-4995. Users are encouraged to update immediately.

For additional changes included in this, refer to the changelog.

Spring Boot users can update to Spring Boot 1.5.4 or customize the Spring Security version using spring-security.version.
comments powered by Disqus