CVE-2024-38821: Spring Security Patch Update & How TuxCare Users Are Protected
When it comes to keeping Spring applications protected, a proactive response to vulnerabilities is essential. For enterprises relying on Spring Security, the latest CVE-2024-38821 vulnerability has been a point of concern. However, the Spring community has quickly responded with fixed versions, ensuring that the latest security updates address this issue head-on.
Here’s how TuxCare is aligning with these updates and providing additional support for our customers.
Overview of CVE-2024-38821
CVE-2024-38821 affects Spring Security, potentially exposing systems to exploitation if left unpatched. Only applications built with Spring WebFlux are affected, and an attacker who exploits the flaw can bypass security rules.
Fortunately, the Spring open source community has addressed this by releasing updates that include a fix for CVE-2024-38821. You can get all the details about the affected versions and which versions to upgrade to directly from Spring.
If you are a user of TuxCare’s Endless Lifecycle Support for Spring, you will receive the latest version that includes the fixes from the Spring community in the coming days.
TuxCare’s Approach to Securing ELS for Spring Customers
In this case, TuxCare will not apply a custom patch for CVE-2024-38821 directly. Instead, we’re providing users of ELS for Spring with the latest Spring Security versions, which already contain fixes for the vulnerability. We will backport our previous patches to the latest end-of-life versions. This ensures our customers benefit from the most up-to-date and community-supported solution.
Our users can expect to get these updates by Friday, November 1st.
Final Thoughts
With the release of updated versions from the Spring community, TuxCare’s approach ensures that customers receive both the most current security measures and continued support for older versions. We’re committed to backporting patches, providing not only the latest in Spring’s security but also TuxCare’s unique customizations for enhanced stability and protection.
If you have any questions or would like to discuss our process further, feel free to reach out via our Support Portal. Your security is our priority, and with this update, we’re proud to offer the most comprehensive and proactive support available for end-of-life Spring Security users.