Engineering
Releases
News and Events

CVE-2017-4995: Spring Security 4.2.3 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 4.2.3 which fixes CVE-2017-4995. Users are encouraged to update immediately.

For additional changes included in this, refer to the changelog.

Note
Spring Boot users can update to Spring Boot 1.5.4 or customize the Spring Security version using spring-security.version.
comments powered by Disqus