Spring Product Security Update Advisory
Overview A security update has been released to address a vulnerability in Spring products. the target is Spring AI, and users should update to the latest version. Affected Products and Versions Spring AI 1.0.0 and later, but earlier than 1.0.7. Spring AI 1.1.0 and later but earlier than 1.1.6. Resolved
Spring Product Security Update Advisory
Security updates have been released to address vulnerabilities in Spring products. the affected products are Spring Cloud Config and Spring AI. The vulnerabilities addressed in Spring Cloud Config are CVE-2026-40981, CVE-2026-40982, and CVE-2026-41002. CVE-2026-40981 is a privilege bypass vulnerability. CVE-2026-40982 is a Directory Path Manipulation vulnerability. CVE-2026-41002 is a TOCTOU
Spring Product Security Update Advisory (CVE-2026-40968)
Security updates have been released for vulnerabilities in Spring products. the target is Spring gRPC versions 1.0.0 through 1.0.2 and earlier. the vulnerability is CVE-2026-40968, which is a request-to-request SecurityContext (a security state that holds authentication and authorization information) leak in Spring gRPC. the vulnerability occurs in the context of
Spring Product Security Update Advisory
Overview A security update has been released to address a vulnerability in Spring products. the target is Spring AI, and users should update to the latest version. Affected by Spring AI 1.0.0 or later and earlier than 1.0.6. Spring AI 1.1.0 and above, but below 1.1.5. Resolved vulnerabilities CVE-2026-40967: Failure
Spring Product Security Update Advisory
Overview A security update was released to address a vulnerability in Spring products. users of the affected products were advised to update to the latest version. Affected Products and Versions Spring Boot 4.0.0 or later and 4.0.5 or earlier. Spring Boot 3.5.0 or later and 3.5.13 or earlier. Spring Boot
Spring Product Security Update Advisory
Overview. Two vulnerabilities have been announced in the Spring product related to Spring Security. the vulnerability identifiers are CVE-2026-22753 and CVE-2026-22754. affected versions are Spring Security 7.0.0 and above and 7.0.4 and below. patches are available in version 7.0.5. Vulnerability details. CVE-2026-22753 is an issue with path matching in HttpSecurity#securityMatchers
Spring Product Security Update Advisory (CVE-2026-22750)
Spring product security update advisory (CVE-2026-22750). Affected products and scope of impact. the affected product is Spring Cloud Gateway version 4.2.0. Vulnerability overview. the vulnerability (CVE-2026-22750) is an issue where SSL bundle settings are unceremoniously ignored. this could allow an application to establish a connection without applying the intended TLS
Spring Product Security Update Advisory
overview We have released security updates that address vulnerabilities in Spring products. users of affected products are encouraged to update to the latest version. affected products Cve-2026-22738, cve-2026-22742, cve-2026-22743, cve-2026-22744 Spring AI version: 1.0.0 or higher but lower than 1.0.5Spring AI version: 1.1.0 or later and less than 1.1.4 resolved
Spring Product Security Update Advisory (CVE-2026-22739)
overview We have released security updates that address vulnerabilities in Spring products. users of affected products are encouraged to update to the latest version. affected products CVE-2026-22739 Spring Cloud Config Version: 3.1.xSpring Cloud Config version: 4.1.xSpring Cloud Config version: 4.2.xSpring Cloud Config version: 4.3.xSpring Cloud Config version: 5.0.x resolved vulnerabilities
Spring Product Security Update Advisory
overview We have released security updates that address vulnerabilities in Spring products. users of affected products are encouraged to update to the latest version. affected products CVE-2026-22731 Spring Boot version: 4.0.0 or higher and 4.0.3 or lowerSpring Boot version: 3.5.0 or later and 3.5.11 or earlierSpring Boot version: 3.4.0 or
