GHSA-8CRV-49FR-2H6J Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

Spring Security and Spring Framework may not recognize certain paths that should be protected

Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x as well as other unsupported versions rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms,...

CVE-2016-5007

CVE-2016-5007 affects Spring Security (3.2.x, 4.0.x, 4.1.0) and Spring Framework (3.2.x, 4.0.x, 4.1.x, 4.2.x). The root cause is differences in URL pattern matching/space trimming that can cause some paths to be treated as protected when they should not be, due to varying pattern matching between...