Spring Security Release Notes
10 versions
Release notes for Spring Security
Oct 23, 2025
Latest: 5.7.22
16 Patched CVEs
October 2025
5.7.22
Released on Oct 23, 2025 Full Version:
5.7.14-spring-security-5.7.22
Dependency Upgrades
- Spring Framework (NES)
5.3.39-spring-framework-5.3.49
September 2025
5.7.21
Released on Sep 23, 2025 Full Version:
5.7.14-spring-security-5.7.21
Dependency Upgrades
- Spring Framework (NES)
5.3.39-spring-framework-5.3.48
August 2025
5.7.20
Released on Aug 25, 2025 Full Version:
5.7.14-spring-security-5.7.20
Dependency Upgrades
- Spring Data BOM (NES)
2021.2.18-spring-data-bom-2021.2.22
- Spring Framework (NES)
5.3.39-spring-framework-5.3.47
- Spring LDAP (NES)
2.4.4-spring-ldap-2.4.8
May 2025
5.7.19
Released on May 20, 2025 Full Version:
5.7.14-spring-security-5.7.19
Dependency Upgrades
- Spring Framework (NES):
5.3.39-spring-framework-5.3.46
- Spring Data BOM (NES):
2021.2.18-spring-data-bom-2021.2.21
April 2025
5.7.18
Released on Apr 23, 2025 Full Version:
5.7.14-spring-security-5.7.18
Bug Fixes
- This patches the bug in Spring Security where the maximum password length enforced in the BCryptPasswordEncoder breaks timing attack mitigation in the DaoAuthenticationProvider (CVE-2025-22234).
org.springframework.security:spring-security-crypto:5.7.14-spring-security-5.7.18
March 2025
5.7.17
Released on Mar 20, 2025 Full Version:
5.7.14-spring-security-5.7.17
Bug Fixes
- This patches the bug in Spring Security BCryptPasswordEncoder where maximum password length is not enforced (CVE-2025-22228).
org.springframework.security:spring-security-crypto:5.7.14-spring-security-5.7.17
February 2025
5.7.16
Released on Feb 24, 2025 Full Version:
5.7.14-spring-security-5.7.16
Notes
- Publish Spring Security under the org.springframework.security group ID instead of com.herodevs.nes.springframework.security
Dependency Upgrades
- Spring Framework (NES):
5.3.39-spring-framework-5.3.45
- Spring Data BOM (NES):
2021.2.18-spring-data-bom-2021.2.20
- Spring LDAP (NES):
2.4.4-spring-ldap-2.4.6
November 2024
5.7.15
Released on Nov 19, 2024 Full Version:
5.7.14-spring-security-5.7.15
Bug Fixes
- This patches the Spring Security Authorization Bypass for Case Sensitive Comparisons (CVE-2024-38827).
com.herodevs.nes.springframework.security:spring-security-cas:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-config:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-core:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-crypto:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-data:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-ldap:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-oauth2-client:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-taglibs:5.7.14-spring-security-5.7.15
com.herodevs.nes.springframework.security:spring-security-web:5.7.14-spring-security-5.7.15
October 2024
5.7.14
Released on Oct 29, 2024 Full Version:
5.7.13-spring-security-5.7.14
Bug Fixes
- This patches the Authorization Bypass of Static Resources in WebFlux Applications (CVE-2024-38821).
com.herodevs.nes.springframework.security:spring-security-web:5.7.13-spring-security-5.7.14
August 2024
5.7.13
Released on Aug 26, 2024 Full Version:
5.7.12-spring-security-5.7.13
Notes
- This release originates from the open-source Spring Security repository forked by HeroDevs starting with version 5.7.12.
- Includes other modifications implemented by HeroDevs to ensure successful library builds.
- Spring Security 5.7.12 includes Spring Framework 5.3.29. This release updates Spring Framework to NES version 5.3.40, which is equivalent to the original Spring Framework 5.3.39. For reference, the Spring Framework updates included here are: v5.3.30, v5.3.31, v5.3.32, v5.3.33, v5.3.34, v5.3.35, v5.3.36, v5.3.37, v5.3.38, v5.3.39