Spring Vault 3.0.2 and 2.3.3 fix CVE-2023-20859
On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Vault
2.3.3 versions are available now.
3.0.2 ships with 7 fixes and documentation improvements Spring Vault 2.3.3 ships with 13 fixes and selected improvements.
Those versions fix the following CVE:
CVE-2023-20859: Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens
Those versions will be shipped with Spring Cloud in the next days. Until then, please override the dependency version in your project.
For Gradle builds in