CVE-2018-1199: Spring Security 5.0.1, 4.2.4, 4.1.5 Released
We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources. Users are encouraged to update immediately.
One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. Users can refer to the Javadoc and reference for additional information on how to configure it.
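As an added example (not code from this announcement or from the Spring Security project), one way to install StrictHttpFirewall explicitly in Java configuration, so the application does not depend on which firewall a given version uses by default. The class name FirewallConfig is hypothetical; the setters are shown with strict values to make visible which request forms the firewall rejects.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;

// Hypothetical configuration class (name chosen for this example).
@Configuration
@EnableWebSecurity
public class FirewallConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) {
        StrictHttpFirewall firewall = new StrictHttpFirewall();

        // Each flag below is set to its strict value. A request that
        // violates one of them is rejected with RequestRejectedException
        // before any security constraint or handler sees it.
        firewall.setAllowSemicolon(false);         // ";" in the URL (path parameters)
        firewall.setAllowUrlEncodedSlash(false);   // "%2F"
        firewall.setAllowBackSlash(false);         // "\" and "%5C"
        firewall.setAllowUrlEncodedPercent(false); // "%25"
        firewall.setAllowUrlEncodedPeriod(false);  // "%2E"

        // Install the firewall on the filter chain. Applications that
        // previously wired DefaultHttpFirewall here should review whether
        // that choice is still required after upgrading.
        web.httpFirewall(firewall);
    }
}
```

If a legitimate client needs one of these URL forms, relax only that single flag and cover the affected paths with an integration test, rather than swapping the firewall implementation.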