Build the apps that make the world run. Join us at SpringOne in San Francisco, Dec 6–8. >
close

Spring Framework CVE-2021-22060 has been published

The Spring Framework 5.3.14 and 5.2.19 releases on December 16 included fixes for CVE-2021-22060 and are a follow-up to CVE-2021-22096, to address additional types of input that can cause the issue. As the Spring Boot releases 2.6.2 and 2.5.8 picking up these Spring Framework versions were due the day before Christmas and given the medium severity, we postponed the announcement until after the new year, to avoid disclosure during a period when many take time off. Please, upgrade to those latest maintenance releases.

comments powered by Disqus