Spring Boot 2.5.15 and 2.6.15 available now, fixing CVE-2023-20883
I'm happy to announce that Spring Boot 2.5.15 and 2.6.15 have been released and are now available from Maven Central.
This release follows a request from a customer with commercial support who was looking to have the ability to upgrade to later versions of SnakeYAML.
This release also includes fixes for CVE-2023-20883: Spring Boot Welcome Page DoS Vulnerability as well as CVE-2023-20873: Security Bypass With Wildcard Pattern Matching on Cloud Foundry.
If you're interested in purchasing commercial support for Spring, please see https://spring.io/support.
How can you help?
If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter…