Spring Framework 6.0.7 and 5.3.26 fix CVE-2023-20860 and CVE-2023-20861
On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Framework 6.0.7 and 5.3.26 versions are available now.
Spring Framework 6.0.7 ships with 28 fixes and documentation improvements, including 2 fixes for regressions. Spring Framework 5.3.26 ships with 40 fixes and documentation improvements.
Those versions fix the following CVEs:
- CVE-2023-20860: Security Bypass With Un-Prefixed Double Wildcard Pattern
- CVE-2023-20861: Spring Expression DoS Vulnerability
Those versions will be shipped with Spring Boot 3.0.5 and 2.7.10, to be released Thursday. In…