Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring Authorization Server 2026.06 Releases - Contains CVE Fixes
On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Authorization Server 1.5.8.
This release addresses the following CVE:
- CVE-2026-41008 "Spring Security Authorization Server Open Redirect via request_uri"
For a complete list of changes, refer to the changelog:
Commercial Releases
Open source support for Spring Authorization Server 1.3.x, and 1.4.x generations has ended, see our support page for more information.
Commercial customers can update to 1.3.12, or 1.4.11 respectively.
These are also included in the latest Boot releases, 3.3.20, and 3.4.17, as well as Boot hot fix 3.5.14.1.
These versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all