Spring Security 6.3.0-M3, 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 are now available

Releases | Marcus Hert Da Coregio | March 18, 2024 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that the third milestone of Spring Security 6.3 is released. This release brings several new features that you can check on the release page or on the What's New section of the 6.3 documentation.

In addition to that, Spring Security 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 have been released as well! These releases are mostly composed of bug fixes, dependency upgrades and documentation improvements.

The releases address CVE-2024-22257 for Possible Broken Access Control in Spring Security With Direct Use of AuthenticatedVoter.

To learn more, please visit the releases page.

Tanzu Spring Runtime

Commercial customers using Spring Boot 2.7 or 3.0 can make use of the new Spring Boot Hotfix release mechanism, providing versions and Spring Boot Hotfix releases are timely releases that patch dependency management to use the latest Spring artifacts when a CVE fix is released. The hotfix versions released today are available on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.

Commercial customers and OSS users of Spring Boot 3.1 and 3.2 should manually upgrade to Spring Security 6.1.8 and 6.2.3 now, and to Spring Boot 3.1.10 and 3.2.4 later this week when those become available.

Stay tuned for more details on hotfix releases and our plans in that space.

Project Site | Reference | Help

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all