File: README.md
Lines changed: 23 additions & 1 deletion
@@ -11,6 +11,28 @@ Spring Security integration with Auth0 to secure your API with Json Web Tokens (
11
11
12
12
> This library targets Spring 4 and Spring Boot 1. If you are using Spring 5 and Spring Boot 2, please see the [Spring Security 5 API Quickstart](https://auth0.com/docs/quickstart/backend/java-spring-security5).
13
13
14
+
## Security Considerations
15
+
16
+
This library uses Spring Security 4, and is targeted at applications using Spring 4 and/or Spring Boot 1.
17
+
18
+
The following are vulnerabilities that could affect this library when used with Spring 4/Boot 1:
19
+
-[CVE-2021-22112 ](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22112) is a medium severity vulnerability in Spring Security (`org.springframework.security:spring-security-web`) 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, and 5.2.x prior to 5.2.9.RELEASE.
20
+
- 5.2.x prior to 5.2.9.RELEASE.
21
+
- 5.3.x prior to 5.3.8.RELASE.
22
+
- 5.4.x prior to 5.4.4.
23
+
-[CVE-2021-22060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22060) is a medium severity vulnerability in `org.springframework:spring-core` affecting:
24
+
- 5.2.x prior to 5.2.19.RELEASE.
25
+
- 5.3.x prior to 5.3.14.
26
+
-[CVE-2021-22096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22096) is a medium severity vulnerability in `org.springframework:spring-core` affecting:
27
+
- 5.2.x prior to 5.2.18.
28
+
- 5.3.x prior to 5.3.12.
29
+
30
+
It is recommended that projects using this library upgrade to at least:
31
+
-`org.springframework.security:spring-security-web` to `5.2.9.RELEASE`, `5.3.8.RELASE`, `5.4.4`, or better
32
+
-`org.springframework:spring-core` to `5.2.19.RELEASE`, `5.3.14`, or better
33
+
34
+
💡 Developers will often find it more convenient to use's Spring's native, out-of-the-box OAuth2 support. Please review Auth0's [Spring Boot API quickstart](https://auth0.com/docs/quickstart/backend/java-spring-security5/01-authorization) for guidance on that implementation path.
35
+
14
36
## Download
15
37
16
38
Get Auth0 Spring Security API using Maven:
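Review bot: the "Security Considerations" section says the listed vulnerabilities "could affect this library when used with Spring 4/Boot 1", but every affected range it then lists is a Spring 5.x line (`spring-security-web` 5.2.x/5.3.x/5.4.x, `spring-core` 5.2.x/5.3.x), and the upgrade advice names only 5.x versions; a reader on Spring Security 4 is left without a stated action. Either say plainly that Spring 4 / Spring Security 4 receive no fixed release for these advisories and that the path is to migrate (the 💡 paragraph already points at the Spring Security 5 quickstart), or reword the lead sentence to say these are the minimum versions to pin when a project overrides the transitive Spring dependencies. Smaller points in the same hunk: `5.3.8.RELASE` appears twice (the CVE-2021-22112 sub-bullet and the upgrade recommendation) and should be `5.3.8.RELEASE`; the CVE-2021-22112 bullet lists the affected ranges inline and then repeats them as sub-bullets, whereas the CVE-2021-22060 and CVE-2021-22096 bullets end in "affecting:" and rely on the sub-bullets alone, so the inline list should be dropped for consistency; the link text `[CVE-2021-22112 ]` has a stray space before the closing bracket; and "use's Spring's native" should read "use Spring's native". Finally, the `spring-security-web` recommendation offers three versions "or better" without saying how to choose; a sentence noting that the fixed version to pick is the one on the same 5.x minor line the project already depends on would avoid readers treating `5.4.4` as the only acceptable target.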
@@ -157,4 +179,4 @@ This project is licensed under the MIT license. See the [LICENSE](LICENSE) file