Hi,

Yesterday, I noticed that Spring has published a new CVE affecting Spring Framework.

  • https://spring.io/security/cve-2023-20861
  • https://www.cvedetails.com/cve/CVE-2023-20861

Reading the post, it is scheduled to be fixed for release 6.0.7.

I would like to know if it will be included in that version or not.

  • https://calendar.spring.io/

Many thanks in advance

Juan Antonio

Comment From: mdeinum

The links you refer to clearly state it is fixed in Spring 6.0.7, which has been released already. That it is fixed is also noted in the release post of that release.

Comment From: ahrycej

Could anybody explain the difference between CVE-2023-20861 and CVE-2023-20863?