Spring Blog

Spring Authorization Server 1.5.7 Available Now

Releases | Joe Grandja | April 21, 2026 | 1 min read | ...

On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Authorization Server 1.5.7.

This release addresses the following CVE:

  • CVE-2026-22752 "Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata"

For a complete list of changes, refer to the changelog:

Open source support for Spring Authorization Server 1.3.x, and 1.4.x generations has ended, see our support page for more information. Commercial customers can update to 1.3.11, or 1.4.10 respectively. These versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription.

Project Page | GitHub Issues

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all