Security Report for Spring AMQP (Spring for RabbitMQ)

Engineering | Gary Russell | November 29, 2021 | ...

The recently released versions of Spring AMQP (2.4.0, 2.3.12, 2.2.20) contain a fix for CVE-2021-22095, which can cause a potential OutOfMemoryError for very large messages.

Spring Boot version 2.6.0 and 2.5.7 will bring in the 2.4.0 and 2.3.12 versions of spring-amqp respectively. Users of Boot 2.4.x should override the spring-amqp and spring-rabbit versions to 2.3.12; users of Spring Boot 2.3.x should override the versions to 2.2.20.

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all