Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreCVE-2019-11272: Spring Security 4.2.13 Released
We have released Spring Security 4.2.13 to address CVE-2019-11272: PlaintextPasswordEncoder authenticates encoded passwords that are null.
Users are encouraged to update immediately.
With Spring Boot, you can override the Spring Security version in Maven like so:
<properties>
<spring-security.version>4.2.13.RELEASE</spring-security.version>
</properties>
Or in Gradle like so:
ext['spring-security.version'] = '4.2.13.RELEASE'
Note that users of Spring Security 5+ are not affected by this vulnerability.
Get support
Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all