Spring CVE-2024-22262 on spring-web 4.0.5.Release version, suggested version is 5.3.34

Hi Team,

I have verified the below link : https://spring.io/security/cve-2024-22262 for vulnerability details.

We have web application running on Jetty 9.4.51 with JDK 11 and spring-web 4.0.5.Release. As per above link, upgrade version details are available only for version 5,6 and 7.

Any suggestion to upgrade from 4.0.5 version?

Comment From: bclozel

Spring Framework 4.0.x has been out of support for years now and has numerous CVEs without fixes. Please upgrade to a supported version at your earliest convenience.