I am using the latest version of spring-security, spring-security-core-5.2.1.RELEASE.jar, and when we scan with the NCC dependency check we get the following reported vulnerability.

CVE-2018-1258 https://nvd.nist.gov/vuln/detail/CVE-2018-1258 https://pivotal.io/security/cve-2018-1258

Summary

I would like to know which version has a security fix. Do you have a patch for this vulnerability?

Actual Behavior

NONE

Expected Behavior

Expected that the latest version fixes security issues.

Configuration

NONE

Version

5.2.1.RELEASE

Sample

I am looking for the exact version which has this fix. When are you planning to release a new version? Or, if you have the patch already, can I access it and build my own so I do not have to wait for the next release?

Comment From: jzheaux

@bmistry13 Thanks for the report. The linked CVE states that Spring Security is only vulnerable in conjunction with Spring Framework 5.0.5:

The bug is present only in Spring Framework 5.0.5.RELEASE. If the application does not use Spring Framework 5.0.5.RELEASE then it is not impacted.

If you are not bringing in Spring Framework 5.0.5.RELEASE through a transitive dependency, then you are not affected.
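The practical check behind the reply above is whether any Spring Framework artifact resolves to 5.0.5.RELEASE on the classpath, regardless of which Spring Security version you depend on directly. The following is an added example, not code from the issue author or from the Spring projects: a small POSIX shell helper that scans the text of a `mvn dependency:tree` listing for that exact version. The two dependency trees embedded in it are constructed samples; the artifact names are illustrative, not taken from the issue.

```shell
#!/bin/sh
# Added example; not part of the original issue or of Spring Security.
# Scans `mvn dependency:tree` output for Spring Framework artifacts resolved
# at 5.0.5.RELEASE, the only Spring Framework version the CVE text names.

# Print each distinct org.springframework artifact at 5.0.5.RELEASE found
# in the tree text passed as $1 (empty output when there are none).
spring_framework_505_artifacts() {
  printf '%s\n' "$1" \
    | grep -oE 'org\.springframework:spring-[a-z-]+:jar:5\.0\.5\.RELEASE' \
    | sort -u
}

# Verdict wrapper: exit status 0 means affected (5.0.5.RELEASE present),
# 1 means not affected. Suitable for a CI gate.
check_cve_2018_1258() {
  hits=$(spring_framework_505_artifacts "$1")
  if [ -n "$hits" ]; then
    echo "AFFECTED: Spring Framework 5.0.5.RELEASE is on the classpath:"
    echo "$hits"
    return 0
  fi
  echo "NOT AFFECTED: no Spring Framework 5.0.5.RELEASE artifact resolved"
  return 1
}

# Constructed sample: Spring Security 5.2.1 pulls Spring Framework 5.2.1,
# but an unrelated library drags in spring-web 5.0.5.RELEASE transitively.
AFFECTED_TREE='[INFO] com.example:app:jar:1.0
[INFO] +- org.springframework.security:spring-security-core:jar:5.2.1.RELEASE:compile
[INFO] |  +- org.springframework:spring-aop:jar:5.2.1.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.2.1.RELEASE:compile
[INFO] |  \- org.springframework:spring-core:jar:5.2.1.RELEASE:compile
[INFO] \- com.example:legacy-lib:jar:2.3:compile
[INFO]    \- org.springframework:spring-web:jar:5.0.5.RELEASE:compile'

# Constructed sample: same application with every Spring artifact aligned.
CLEAN_TREE='[INFO] com.example:app:jar:1.0
[INFO] +- org.springframework.security:spring-security-core:jar:5.2.1.RELEASE:compile
[INFO] |  +- org.springframework:spring-aop:jar:5.2.1.RELEASE:compile
[INFO] |  +- org.springframework:spring-beans:jar:5.2.1.RELEASE:compile
[INFO] |  \- org.springframework:spring-core:jar:5.2.1.RELEASE:compile
[INFO] \- org.springframework:spring-web:jar:5.2.1.RELEASE:compile'

# Stand-alone demo: the exit status is the verdict, so ignore it here.
check_cve_2018_1258 "$AFFECTED_TREE" || :
check_cve_2018_1258 "$CLEAN_TREE" || :
```

On a real project, feed it the actual resolved tree rather than the sample, for instance `check_cve_2018_1258 "$(mvn -q dependency:tree -Dincludes=org.springframework)"` for Maven, or the output of `gradle dependencies --configuration runtimeClasspath` for Gradle (the `-Dincludes` filter and the Gradle `--configuration` flag are standard options of those tools). Checking the resolved tree matters because dependency management or a BOM can override what a single `pom.xml` declares.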