Engineering
Releases
News and Events

CVE-2019-3799: Spring Cloud Config 2.1.2, 2.0.4, 1.4.6 Released

We have released Spring Cloud Config 2.1.2, 2.0.4, and 1.4.6 to address CVE-2019-3799: Directory Traversal with spring-cloud-config-server. Please review the information in the CVE report and upgrade immediately.

These fixes will be included in the next release of the respective Spring Cloud release train.

NOTE: To override the version in Maven, update the dependency to include the version, such as:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-config-server</artifactId>
	<version>2.1.2.RELEASE</version>
</dependency>

Similarly, in Gradle:

dependencies {
	compile('org.springframework.cloud:spring-cloud-config-server:2.1.2.RELEASE')
}
comments powered by Disqus