SpringBoot Looking for spring-boot version that includes the fix for CVE-2024-38816

Hi,

We are using spring-boot version 3.2.5 and we're facing the issue described here: https://spring.io/security/cve-2024-38816 ("Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable"). The proposed solution is to upgrade to version org.springframework:spring-webflux:6.1.13, org.springframework:spring-webmvc:6.1.13.

The problem: We went trough spring-boot releases (which are later than 3.2.5) and we could not find one that includes spring-webmvc:6.1.13...

Which spring-boot release version should we use in order to get the fix to the problem above?

Regards, Dan

Comment From: wilkinsona

Please see https://github.com/spring-projects/spring-boot/releases. If you search for Spring Framework 6.1.13 on that page you will find the information you're looking for.