The recently released versions of Spring AMQP (2.4.0, 2.3.12, 2.2.20) contain a fix for CVE-2021-22095, which can cause a potential
OutOfMemoryError for very large messages.
Spring Boot version 2.6.0 and 2.5.7 will bring in the 2.4.0 and 2.3.12 versions of spring-amqp respectively. Users of Boot 2.4.x should override the
spring-rabbit versions to 2.3.12; users of Spring Boot 2.3.x should override the versions to 2.2.20.