Â
💡Look up a specific artifact version in the "Versions of NES for Spring Artifacts" table.
Spring Framework
5.3.39-spring-framework-5.3.44 (NES) - Nov 15, 2024
Bug Fixes
- Fixes to core and web packages to address DoS issue
- This patches DoS via Spring MVC controller method with byte[] parameter (CVE-2024-38828)
- This fix is included in NES for Spring Framework version 5.3.39-spring-framework-5.3.44 in the following artifacts
- com.herodevs.nes.springframework:spring-core:5.3.39-spring-framework-5.3.44
- com.herodevs.nes.springframework:spring-web:5.3.39-spring-framework-5.3.44
5.3.39-spring-framework-5.3.43 (NES) - October 30, 2024
Bug Fixes
- Fixes to resource handling for Spring's WebMVC.fn and WebFlux.fn (functional) endpoints
- This patches a variation of the path traversal vulnerability in Spring's functional web frameworks (CVE-2024-38819)
- This fix is included in NES for Spring Framework version 5.3.39-spring-framework-5.3.43 in the following artifacts
- com.herodevs.nes.springframework:spring-webmvc:5.3.39-spring-framework-5.3.43
- com.herodevs.nes.springframework:spring-webflux:5.3.39-spring-framework-5.3.43
5.3.39-spring-framework-5.3.42 (NES) - October 24, 2024
Bug Fixes
- Fixed an issue with DataBinder's
disallowedFields
related to case insensitivity.
- This update addresses the Spring Framework DataBinder Case Sensitive Match Exception (CVE-2024-38820)
- This fix is included in NES for Spring Framework version 5.3.39-spring-framework-5.3.42 in the following artifacts
- com.herodevs.nes.springframework:spring-context:5.3.39-spring-framework-5.3.42
- com.herodevs.nes.springframework:spring-core:5.3.39-spring-framework-5.3.42
- com.herodevs.nes.springframework:spring-web:5.3.39-spring-framework-5.3.42
- com.herodevs.nes.springframework:spring-webmvc:5.3.39-spring-framework-5.3.42
- com.herodevs.nes.springframework:spring-webflux:5.3.39-spring-framework-5.3.42
- com.herodevs.nes.springframework:spring-websocket:5.3.39-spring-framework-5.3.42
5.3.39-spring-framework-5.3.41 (NES) - September 19, 2024
Bug Fixes
- Fixes to resource handling for Spring's WebMVC.fn and WebFlux.fn (functional) endpoints
- This patches the path traversal vulnerability in Spring's functional web frameworks (CVE-2024-38816)
- This fix is included in NES for Spring Framework version 5.3.39-spring-framework-5.3.41 in the following artifacts
- com.herodevs.nes.springframework:spring-webmvc:5.3.39-spring-framework-5.3.41
- com.herodevs.nes.springframework:spring-webflux:5.3.39-spring-framework-5.3.41
5.3.39-spring-framework-5.3.40 (NES) - August 26, 2024
- This release originates from the open-source Spring Framework repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring Framework 5.3.39.
- Breaking Changes: None
Â
Spring SecurityÂ
5.8.15-spring-security-5.8.16 (NES) - October 29, 2024
- This patches the Authorization Bypass of Static Resources in WebFlux Applications (CVE-2024-38821)
- com.herodevs.nes.springframework.security:spring-security-web:5.7.13-spring-security-5.7.14
5.8.14-spring-security-5.8.15 (NES) - September 20, 2024
- This release originates from the open-source Spring Security repository forked by HeroDevs starting with version 5.8.14.
- Includes other modifications implemented by HeroDevs to ensure successful library builds.
- Breaking Changes: None
5.7.13-spring-security-5.7.14 (NES) - October 29, 2024
- This patches the Authorization Bypass of Static Resources in WebFlux Applications (CVE-2024-38821)
- com.herodevs.nes.springframework.security:spring-security-web:5.7.13-spring-security-5.7.14
5.7.12-spring-security-5.7.13 (NES) - August 26, 2024
- This release originates from the open-source Spring Security repository forked by HeroDevs starting with version 5.7.12.
- Includes other modifications implemented by HeroDevs to ensure successful library builds.
- Spring Security 5.7.12 includes Spring Framework 5.3.29. This release updates Spring Framework to version NES version 5.3.40 which is equivalent to the original Spring Framework 5.3.39. For reference, here is a list of all included updates from Spring Framework included here:
- Breaking Changes: None
Â
Spring Boot
2.7.18-spring-boot-2.7.20 (NES) - September 25, 2024
Bug Fixes
- Addresses issue in Spring Boot Jar loader to detect signature mismatch of nested jar files
- This patches the signature forgery vulnerability in Spring Boot's jar loader (CVE-2024-38807)
- This fix is included in NES for Spring Boot version 2.7.18-spring-boot-2.7.20 in the following artifacts
- com.herodevs.nes.springframework.boot:spring-boot-loader:2.7.18-spring-boot-2.7.20
2.7.18-spring-boot-2.7.19 (NES) - August 26, 2024
- This release originates from the open-source Spring Boot repository forked by HeroDevs. This release updates Spring Framework to version NES version 5.3.40 and Spring Security NES version 5.7.13
- The original Spring Boot 2.7.18 version included the following versions
- With the upgrade to our NES versions of Spring Framework 5.3.40 and Spring Security 5.7.13, these include the following changes from both Spring Framework and Spring Security projects. The release notes for those releases are listed below for reference:
- Includes other modifications implemented by HeroDevs to ensure successful library builds.
- This release contains no functional changes from Spring Boot 2.7.18
- Breaking Changes: None
Spring Retry
1.3.4-spring-retry-1.3.5 (NES) - October 11, 2024
- This release originates from the open-source Spring Retry repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring Retry build 1.3.4.
- Breaking Changes: None