Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreThe Spring Framework has released version 6.1.13 that contains a fix for CVE-2024-38816: Path traversal vulnerability in functional web frameworks.
Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last month, as announced previously. As a result, this fix has been applied to the 5.3.40 and 6.0.24 commercial releases, available now.
If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.
Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.22.1, 3.0.17.1, and 3.1.13.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.