Spring Security Need clarity on fix for https://tanzu.vmware.com/security/cve-2021-22112

As per https://tanzu.vmware.com/security/cve-2021-22112 5.3.8 has the fix, but we dont see difference between 5.3.7 with 5.3.8, and 5.3.8 was released before this was reported, can you please tag a commit that has this fix

Comment From: rwinch

This is fixed in https://github.com/spring-projects/spring-security/commit/38e9e8ca52ddc4bdd272083563a657d5e37ea1e8#diff-0d9ef5adea64a07b6c04608ab43df3cf0364067bf8196ae0cc5979569cba329e