CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter, Fixed5.3.42

[13616553525]

HI

I saw the official https://spring.io/security/cve-2024-38828 Fixed in5.3.42，But the last official version of 5.3. x was 5.3.39.

May I ask how to obtain version 5.3.42, if it is commercially available

[bclozel]

Spring Framework 5.3.42 is commercially available. Please reach out with https://spring.io/support

Thanks!

[13616553525]

Can you provide specific purchasing methods？

[tryDecisive]

Spring Framework 5.3.42 is commercially available. Please reach out with https://spring.io/support

Thanks!

How can we use the 5.3.42 version? It seems that there is not avalibale link to click?
We prefer the 5.3.42 version can be found in the tags list.

[bclozel]

@tryDecisive https://spring.io/support