We have released Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16 and 4.2.16 to address the following CVE reports:

  • CVE-2020-5407: Signature Wrapping Vulnerability with spring-security-saml2-service-provider
  • CVE-2020-5408: Dictionary attack with Spring Security queryable text encryptor
