Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Authorization Server 1.2.3, 1.1.6 and 1.0.6 Available Now Including Fixes for CVE-2024-22258
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.2.3, 1.1.6 and 1.0.6.
The releases address CVE-2024-22258 for PKCE Downgrade in Spring Authorization Server.
Tanzu Spring Runtime
Commercial customers using Spring Boot 2.7 or 3.0 can make use of the new Spring Boot Hotfix release mechanism, providing versions 2.7.20.2 and 3.0.15.2. Spring Boot Hotfix releases are timely releases that patch dependency management to use the latest Spring artifacts when a CVE fix is released. The hotfix versions released today are available on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.
Commercial customers and OSS users of Spring Boot 3.1 and 3.2 should manually upgrade to Spring Authorization Server 1.1.6 and 1.2.3 now, and to Spring Boot 3.1.10 and 3.2.4 later this week when those become available.
Stay tuned for more details on hotfix releases and our plans in that space.
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all