Engineering
Releases
News and Events

Spring Project Vulnerability Reports Published

The following CVEs have been published today:

  1. CVE-2018-15756 for Spring Framework 5.1.1, 5.0.10, and 4.3.20.
  2. CVE-2018-15758 for Spring Security OAuth 2.3.4, 2.2.3, 2.1.3, and 2.0.16.

Please, review the information, including affected project versions, in the CVE reports and upgrade immediately.

Spring Boot Users:
Spring Boot 2.0.6 and 1.5.17, released earlier today, contain the fixes for the above vulnerabilities.

comments powered by Disqus