Spring Authorization Server 1.5.8 has been released, fixing CVE-2026-41008 concerning an open redirect vulnerability via request_uri. Open source support for versions 1.3.x and 1.4.x has concluded. Commercial customers can upgrade to 1.3.12 or 1.4.11 respectively, which are also integrated into recent Spring Boot releases. These updated versions are available through the Spring commercial artifact repository.