Spring blog

News and Events

CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities

Engineering | Brian Clozel | November 27, 2023 | ...

Updates

[11-27] Blog posts updated to refer to the CVE reports published

The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053.

The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055.

Users are encouraged to update as soon as possible.