Spring Boot 2.5.15 and 2.6.15 available now, fixing CVE-2023-20883

Releases | Phil Webb | May 18, 2023 | ...

I am happy to announce that Spring Boot 2.5.15 and 2.6.15 have been released and are now available from Maven Central.

This release follows a request from a customer with commercial support who wanted the ability to upgrade to later versions of SnakeYAML.

This release also includes fixes for CVE-2023-20883: Spring Boot Welcome Page DoS Vulnerability as well as CVE-2023-20873: Security Bypass With Wildcard Pattern Matching on Cloud Foundry.

If you're interested in purchasing commercial support for Spring, please see https://spring.io/support.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Project Page | GitHub | Issues | Documentation | Stack Overflow | Gitter
