CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities

Engineering | Brian Clozel | November 27, 2023 | ...


  • [11-27] Blog posts updated to refer to the CVE reports published

The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053.

The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055.

Users are encouraged to update as soon as possible.

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all