On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Security
6.1.2 are available now.
Please refer to the releases page for more detail on what is included in each release.
Those versions fix the following CVEs:
- CVE-2023-34034: WebFlux Security Bypass With Un-Prefixed Double Wildcard Pattern
- CVE-2023-34035: Authorization rules can be misconfigured when using multiple servlets
It is also important to remember that the
5.8 version of Spring Security is a special release designed to help you to migrate to Spring Security
6.0, therefore if you are planning to upgrade your applications, using that version combined with the special migration guide makes the migration a lot smoother.