Engineering
Releases
News and Events

CVE-2018-1199: Spring Security 5.0.1, 4.2.4, 4.1.5 Released

We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources Users are encouraged to update immediately.

One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. User’s can refer to the Javadoc and reference for additional information on how to configure it.

comments powered by Disqus