Spring Security 6.1.0-RC1, 6.0.3, 5.8.3 and 5.7.8 released, fix CVE-2023-20862

Releases | Marcus Hert Da Coregio | April 17, 2023 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Security 6.1.0-RC1, 6.0.3, 5.8.3 and 5.7.8 versions are available now.

Please refer to the releases page for more detail on what is included in each release.

Those versions fix the following CVE:

The 6.0.3 and 5.7.8 versions will be shipped with Spring Boot 3.0.6 and 2.7.11, to be released next Thursday. In the meantime, you can update your existing Spring Boot application to pick up the latest Spring Security version.

For Gradle builds in build.gradle:

ext['spring-security.version'] = '6.0.3'

Or for Maven builds in pom.xml:

<properties>
  <spring-security.version>6.0.3</spring-security.version>
</properties>

It is also important to remember that the 5.8 version of Spring Security is a special release designed to help you to migrate to Spring Security 6.0, therefore if you are planning to upgrade your applications, using that version combined with the special migration guide makes the migration a lot smoother.

Project Page | GitHub | Issues | Documentation

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all