Spring Framework 6.0.8, 5.3.27 and 5.2.24.RELEASE fix cve-2023-20863

Releases | Brian Clozel | April 13, 2023 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Framework 6.0.8, 5.3.27 and 5.2.24.RELEASE versions are available now.

Spring Framework 6.0.8 ships with 60 fixes and documentation improvements, including 5 fixes for regressions. Spring Framework 5.3.27 ships with 20 fixes and documentation improvements, including 4 fixes for regressions. Spring Framework 5.2.24.RELEASE ships with 3 fixes.

Those versions fix the following CVE:

Those versions will be shipped with Spring Boot 3.0.6 and 2.7.11, to be released next Thursday. In the meantime, you can update your existing Spring Boot application to pick up the latest Framework version.

For Gradle builds in build.gradle:

ext['spring-framework.version'] = '6.0.8'

Or for Maven builds in pom.xml:

<properties>
  <spring-framework.version>6.0.8</spring-framework.version>
</properties>

Project Page | GitHub | Issues | Documentation

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all