Spring Boot 3.5.14 available now
wilkinsona
·
2026-04-23
·
via Spring Releases
On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.5.14 has been released and is now available from Maven Central. This release includes 48 bug fixes, documentation improvements, and dependency upgrades . Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40971 "RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification" CVE-2026-40972 "DevTools remote secret comparison is vulnerable to timing attacks" CVE-2026-40973 "Predictable temp directory accepted without ownership verification" CVE-2026-40974 "Cassandra SSL auto-configuration disables TLS hostname verification" CVE-2026-40975 "Random value property source uses a weak PRNG unsuitable for secrets" CVE-2026-40977 "PID file write follows symlinks at predictable default path" How can you help? If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag . Project Page | GitHub | Issues | Documentation | Stack Overflow
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。