CVE-2017-4995: Spring Security 4.2.3 Released

Releases | Rob Winch | June 08, 2017 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 4.2.3 which fixes CVE-2017-4995. Users are encouraged to update immediately.

For additional changes included in this, refer to the changelog.


Spring Boot users can update to Spring Boot 1.5.4 or customize the Spring Security version using spring-security.version.

Project Site | Reference | Guides | Help

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all