We have released Spring Security OAuth 2.3.6, 2.2.5, 2.1.5 and 2.0.18 to address CVE-2019-11269: Open Redirector in spring-security-oauth2. Please review the information in the CVE report and upgrade immediately.
For additional changes included in each release, please refer to:
NOTE: For users of Spring Boot 1.5.x and Spring IO Platform Cairo, it is highly recommended to override the
spring-security-oauth version to the latest version containing the fix for the CVE. Please see the Mitigation section in the CVE report for detailed instructions on how to override the version.