On behalf of the team, I am pleased to announce that Spring Framework 5.2.23.RELEASE is available now. This release has been requested by Spring Framework commercial support customers and is available on Maven Central.

Spring Framework 5.2.23.RELEASE ships with 3 fixes, including a fix for the following CVE:

• cve-2023-20861: Spring Expression DoS Vulnerability.
• 5.2.22.RELEASE was not vulnerable to cve-2023-20860, so no fix was required.

This version will not be shipped with a Spring Boot release as 2.3.x is out of commercial support. You can manually upgrade Spring Framework in your Spring Boot Maven or Gradle builds. Upgrading to a supported Spring Boot version is strongly advised.

Project Page | GitHub | Issues | Documentation