Spring Cloud Netflix version 2.2.10.RELEASE is now available

Releases | Olga Maciaszek-Sharma | November 17, 2021 | ...

On behalf of the community, I am pleased to announce that Spring Cloud Netflix version 2.2.10.RELEASE has been released.

This is primarily a security release that fixes the CVE-2021-22053.

Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf exposed a way to execute code submitted within the request URI path during the resolution of view templates. When a request was made at /hystrix/monitor;[user-provided-data], the path elements following hystrix/monitor were being evaluated as SpringEL expressions, which could lead to code execution.

This release fixes the issue.

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all