Visit NES for Spring Home Page
Spring Security 6.2.x Release Notes
5 versions
Comprehensive release notes and changelog for Spring Security 6.2.x, including security patches, bug fixes, and feature updates across all supported versions.
October 2025
6.2.13
Released on Oct 24, 2025 Full Version:
6.2.8-spring-security-6.2.13
Dependency Upgrades
- Spring Data BOM (NES)
2023.1.12-spring-data-bom-2023.1.16 - Spring Framework (NES)
6.1.21-spring-framework-6.1.25 - Spring LDAP (NES)
3.2.13-spring-ldap-3.2.17
September 2025
6.2.12
Released on Sep 23, 2025 Full Version:
6.2.8-spring-security-6.2.12
Dependency Upgrades
- Spring Data BOM (NES)
2023.1.12-spring-data-bom-2023.1.15 - Spring Framework (NES)
6.1.21-spring-framework-6.1.24 - Spring LDAP (NES)
3.2.13-spring-ldap-3.2.16
August 2025
6.2.11
Released on Aug 22, 2025 Full Version:
6.2.8-spring-security-6.2.11
Dependency Upgrades
- Spring Framework (NES)
6.1.21-spring-framework-6.1.23
July 2025
6.2.10
Released on Jul 15, 2025 Full Version:
6.2.8-spring-security-6.2.10
Dependency Upgrades
- Spring Data BOM (NES)
2023.1.12-spring-data-bom-2023.1.13 - Spring Framework (NES)
6.1.21-spring-framework-6.1.22 - Spring LDAP (NES)
3.2.13-spring-ldap-3.2.14
May 2025
6.2.9
Released on May 27, 2025 Full Version:
6.2.8-spring-security-6.2.9
Bug Fixes
- This release patches the following:
- CVE-2025-22234: Maximum password length enforced in the
BCryptPasswordEncoder(patch for CVE-20225-22228) breaks timing attack mitigation in theDaoAuthenticationProvider.org.springframework.security:spring-security-crypto:6.2.8-spring-security-6.2.9
- CVE-2025-22228: Maximum password length is not enforced in
BCryptPasswordEncoderorg.springframework.security:spring-security-crypto:6.2.8-spring-security-6.2.9
- CVE-2025-22234: Maximum password length enforced in the
Notes
- This release originates from the open‑source Spring Security repository forked by HeroDevs starting with version
6.2.8. - Includes other modifications implemented by HeroDevs to ensure successful library builds.
Full Version:
6.2.8-spring-security-6.2.9
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh