Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Framework Releases Fixes for CVE-2024-38808 and CVE-2024-38809
The Spring Framework has released versions 5.3.39, 6.0.23, and 6.1.12 that contain fixes for CVE-2024-38809, DoS via conditional HTTP requests.
The 5.3.39 release contains an additional fix for CVE-2024-38808, DoS via SpEL expression.
Note that version 5.3.39 has fixes for both CVEs. Version 5.3.38 was released earlier on the same day, and it contains the fix for CVE-2024-38809 but not CVE-2024-38808.
Upgrading Your Project
Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.21.1, 3.0.16.1, and 3.1.12.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all