Sensitive information (for example, passwords in login requests) stored in the temporary memory is not cleared in time after being used. It depends on the recycling mechanism of the JDK and may be used.
Comment From: bclozel
If you believe you've found a security issue, please report it using the appropriate channel as described in the issue template.
See https://spring.io/security-policy