CVE-2022-22978: Authorization Bypass in RegexRequestMatcher

Engineering | Rob Winch | May 15, 2022 | ...

UPDATES

  • [05-17] Due to a mix-up, CVE-2022-22975 should have been CVE-2022-22978. The blog post has been updated to reflect this correction.

CVE-2022-22978: Authorization Bypass in RegexRequestMatcher

Spring Security 5.7.0, 5.6.4, and 5.5.7 were released to fix CVE-2022-22978: Authorization Bypass in RegexRequestMatcher. Please update as soon as possible.
