Hear from the Spring team this January at SpringOne. >

CVE-2022-31692: Authorization rules can be bypassed via forward or include in Spring Security

Spring Security 5.6.9 and 5.7.5 released on October 31st, 2022 included a fix for CVE-2022-31692 affecting the AuthorizationFilter. Users are encouraged to update as soon as possible.

comments powered by Disqus