Spring Framework 6.2.10 release fixes CVE-2025-41242
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.10
is available now.
Spring Framework 6.2.10
ships with 11 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.9
and 3.5.5
.
CVE-2025-41242:
This release addresses CVE-2025-41242 for "Path traversal vulnerability on non-compliant Servlet containers".
Open source support for Spring Framework 5.3.x and 6.1.x generations has ended, see our support page for more information. This fix has been applied to the 5.3.44 and 6.1.22 commercial releases…