Spring Product Security Update Advisory
Overview. Two vulnerabilities have been announced in the Spring product related to Spring Security. the vulnerability identifiers are CVE-2026-22753 and CVE-2026-22754. affected versions are Spring Security 7.0.0 and above and 7.0.4 and below. patches are available in version 7.0.5. Vulnerability details. CVE-2026-22753 is an issue with path matching in HttpSecurity#securityMatchers
Spring Product Security Update Advisory
overview We have released security updates that address vulnerabilities in Spring products. users of affected products are encouraged to update to the latest version. affected products CVE-2026-22731 Spring Boot version: 4.0.0 or higher and 4.0.3 or lowerSpring Boot version: 3.5.0 or later and 3.5.11 or earlierSpring Boot version: 3.4.0 or
Spring Product Security Update Advisory (CVE-2025-22228)
Overview We have released security updates to fix vulnerabilities in Spring products. Users of affected products are advised to update to the latest version. Affected Products CVE-2025-22228 Spring Security versions: 5.7.0 through 5.7.15 (inclusive)Spring Security versions: 5.8.0 through 5.8.17 (inclusive)Spring Security versions: 6.0.0 through 6.0.15 (inclusive)Spring Security versions:
