Spring Project Vulnerability Reports Published (06/2018)
The following CVEs have been published today:
- CVE-2018-11039: Cross Site Tracing (XST) with Spring Framework
- CVE-2018-11040: JSONP enabled by default in MappingJackson2JsonView
Fixes for those vulnerabilities have been released with Spring Framework 5.0.7 & 4.3.18, Spring Boot 1.5.14 and Spring Boot 2.0.3.
Please review the information in the CVE reports and upgrade immediately.