Serial number: AV26-373
Date: April 21, 2026
Between April 9 and 21, 2026, Spring published security advisories to address vulnerabilities in the following products:
- Spring Cloud Gateway – version 4.2.0
- Spring Security – versions 5.7.0 to 5.7.22, 5.8.0 to 5.8.24, 6.3.0 to 6.3.15, 6.4.0 to 6.4.15, 6.5.0 to 6.5.9 and 7.0.0 to 7.0.4
- Spring Authorization Server – versions 1.3.0 to 1.3.10, 1.4.0 to 1.4.9 and 1.5.0 to 1.5.6
- Spring Framework – versions 5.3.0 to 5.3.47, 6.1.0 to 6.1.26, 6.2.0 to 6.2.17 and 7.0.0 to 7.0.6
The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.