Spring Vault 3.0.2 and 2.3.3 fix CVE-2023-20859

Releases | Mark Paluch | March 20, 2023 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Vault 3.0.2 and 2.3.3 versions are available now.

Spring Vault 3.0.2 ships with 7 fixes and documentation improvements. Spring Vault 2.3.3 ships with 13 fixes and selected improvements.

Those versions fix the following CVE:

CVE-2023-20859: Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens

Those versions will ship with Spring Cloud in the coming days. Until then, please override the dependency version in your project.

For Gradle builds in build.gradle:

implementation 'org.springframework.vault:spring-vault-core:3.0.2'

Or for Maven builds in pom.xml:

<dependency>
    <groupId>org.springframework.vault</groupId>
    <artifactId>spring-vault-core</artifactId>
    <version>3.0.2</version>
</dependency>

Project Page | GitHub | Issues | Documentation
