Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreValues produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range.
Spring Boot:
| Fix version | Availability |
|---|---|
| 4.0.6 | OSS |
| 3.5.14 | OSS |
| 3.4.16 | Enterprise Support Only |
| 3.3.19 | Enterprise Support Only |
| 2.7.33 | Enterprise Support Only |
No further mitigation steps are necessary.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy