CVE-2019-3799: Spring Cloud Config 2.1.2, 2.0.4, 1.4.6 Released

Releases | Spencer Gibb | April 17, 2019 | ...

We have released Spring Cloud Config 2.1.2, 2.0.4, and 1.4.6 to address CVE-2019-3799: Directory Traversal with spring-cloud-config-server. Please review the information in the CVE report and upgrade immediately.

These fixes will be included in the next release of the respective Spring Cloud release train.

NOTE: To override the version in Maven, update the dependency to include the version, such as:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-config-server</artifactId>
	<version>2.1.2.RELEASE</version>
</dependency>

Similarly, in Gradle:

dependencies {
	compile('org.springframework.cloud:spring-cloud-config-server:2.1.2.RELEASE')
}
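To confirm that the override took effect, the resolved version can be checked in the build's dependency report. The following is an added example, not code from the Spring Cloud project: it reads the text output of `mvn dependency:tree` or `gradle dependencies` and compares each resolved `spring-cloud-config-server` version with the fixed releases named above. It assumes that a version below the fixed release on the same minor line needs the upgrade; the function name and sample reports are constructed for illustration.

```python
import re
import sys

# Fixed releases named in the announcement, keyed by (major, minor) line.
FIXED = {(2, 1): (2, 1, 2), (2, 0): (2, 0, 4), (1, 4): (1, 4, 6)}

# Maven prints group:artifact:jar:version:scope; Gradle prints
# group:artifact[:requested][ -> resolved]. Capture both version positions.
COORD = re.compile(
    r"org\.springframework\.cloud:spring-cloud-config-server(?::jar)?"
    r"(?::(\d+\.\d+\.\d+)[\w.-]*)?(?:\s*->\s*(\d+\.\d+\.\d+))?"
)

def check_report(report):
    """Return a sorted list of (resolved_version, status) found in the report."""
    found = set()
    for m in COORD.finditer(report):
        resolved = m.group(2) or m.group(1)  # Gradle's "-> x.y.z" wins if present
        if resolved is None:
            continue
        ver = tuple(int(p) for p in resolved.split("."))
        fixed = FIXED.get(ver[:2])
        if fixed is None:
            status = "line-not-in-announcement"  # consult the CVE report
        elif ver >= fixed:
            status = "fixed"
        else:
            status = "upgrade"  # assumption: older release on a fixed line
        found.add((resolved, status))
    return sorted(found)

# Constructed sample reports (not real build output).
SAMPLE_MAVEN = """\
[INFO] com.example:config-service:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.cloud:spring-cloud-config-server:jar:2.1.1.RELEASE:compile
[INFO] |  +- org.springframework.cloud:spring-cloud-config-client:jar:2.1.1.RELEASE:compile
"""
SAMPLE_GRADLE = """\
+--- org.springframework.cloud:spring-cloud-config-server -> 2.0.4.RELEASE
+--- org.springframework.cloud:spring-cloud-config-server:2.1.1.RELEASE -> 2.1.2.RELEASE
+--- org.springframework.cloud:spring-cloud-config-server:1.3.4.RELEASE
"""

if __name__ == "__main__":
    # Usage: mvn dependency:tree | python this_script.py
    for version, status in check_report(sys.stdin.read()):
        print(version, status)
```

Any line reported as `upgrade` means the build still resolves a release older than the fix, for example because a release-train BOM is overriding the declared version.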

Project Page | GitHub | Help
