CVE-2024-47887 – Fixed a possible ReDoS vulnerability in HTTP token authentication in Action Controller.
CVE-2024-41128 – Fixed a possible ReDoS vulnerability in query parameter filtering in Action Dispatch.
CVE-2023-28362 – Raise an exception if illegal characters are provide to redirect_to.
CVE-2023-22795 – Fixed a ReDoS-based DoS vulnerability in Action Dispatch.
CVE-2023-22792 – Fixed a ReDoS-based DoS vulnerability in Action Dispatch.
CVE-2021-22904 – Fixed a possible denial-of-service (DoS) vulnerability in Action Controller token authentication.
CVE-2021-22885 – Fixed an information disclosure and unintended method execution vulnerability in Action Pack.

CVE-2022-27777 – Fixed an XSS vulnerability in Action View tag helpers.
CVE-2020-15169 – Fixed an XSS vulnerability in Action View.
CVE-2020-8163 – Fixed a remote code execution vulnerability via user-provided local names in Action View.
CVE-2020-5267 – Fixed a cross-site scripting (XSS) vulnerability in Action View.
CVE-2019-5419 – Fixed a denial-of-service vulnerability in Action View.
CVE-2019-5418 – Fixed a path traversal vulnerability in Action View.

CVE-2022-44566 – Fixed a denial-of-service (DoS) vulnerability in Active Record's PostgreSQL adapter.
CVE-2022-32224 – Fixed a remote code execution (RCE) vulnerability with serialized columns in Active Record.

CVE-2023-28120 – Fixed a possible XSS security vulnerability in SafeBuffer#bytesplice.
CVE-2023-22796 – Fixed a ReDoS-based DoS vulnerability in Active Support’s underscore.

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.

New releases published regularly — check back often for the latest security updates

$ cat features.txt