We have released Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16 and 4.2.16 to address the following CVE reports:
- CVE-2020-5407: Signature Wrapping Vulnerability with spring-security-saml2-service-provider
- CVE-2020-5408: Dictionary attack with Spring Security queryable text encryptor
#spring