
Spring Framework 7.0.8 and 6.2.19 Available Now

Spring Framework has released versions 7.0.8 and 6.2.19. These updates address a significant number of Common Vulnerabilities and Exposures (CVEs) spanning several modules and functionalities within the framework.

Several CVEs relate to denial of service (DoS), including attacks targeting multipart requests, versioned resources, AntPathMatcher, and integer overflows in SpEL expressions. Information disclosure is also addressed, particularly in static resource caching. Session fixation and predictable session IDs in the WebSocket module are each covered by their own CVE. Path traversal via versioned static resources is patched. Cross-site scripting (XSS) vulnerabilities involving JavaScriptUtils and JSP form tags have been remediated. The updates also fix security filter bypass issues in the WebFlux Kotlin Router DSL. Open redirects and arbitrary method invocation in SpEL expressions are among the other security concerns addressed. Multipart request smuggling and server-side request forgery (SSRF) are also mitigated. Finally, unsafe deserialization via Jackson JMS converters has been patched.

Spring Framework 6.2.19 is likely the final release of its generation, and users are encouraged to upgrade to 7.0.x.
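A quick way to check whether a build still pulls a Spring Framework artifact below the fixed versions named above. This is an added example, not Spring's own tooling: it parses lines shaped like `mvn dependency:list` output (group:artifact:type:version:scope) and classifies each `org.springframework` artifact against 7.0.8 / 6.2.19; the sample lines are constructed, and versions on lines other than 7.0.x and 6.2.x are reported as not covered by these releases rather than as safe.

```python
"""Flag Spring Framework artifacts below the fixed releases 7.0.8 and 6.2.19 (added example)."""
import re
from typing import Optional

# Fixed versions from the release announcement, keyed by the (major, minor) line they belong to.
FIXED_VERSIONS = {(7, 0): (7, 0, 8), (6, 2): (6, 2, 19)}

# group:artifact:type:version:scope, as printed by `mvn dependency:list`.
DEP_LINE = re.compile(r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):\w+:(?P<version>[\w.\-]+):\w+")


def parse_version(text: str) -> Optional[tuple]:
    """'6.2.18' -> (6, 2, 18); qualifiers such as '-SNAPSHOT' are dropped, odd formats give None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(version: tuple) -> str:
    """Classify a spring-framework version against the fixed releases."""
    line = version[:2]
    if line not in FIXED_VERSIONS:
        return "unsupported-line"  # neither 7.0.x nor 6.2.x; not covered by these releases
    return "ok" if version >= FIXED_VERSIONS[line] else "below-fix"


def scan(dependency_lines):
    """Return (artifact, version string, status) for every org.springframework artifact seen."""
    findings = []
    for raw in dependency_lines:
        m = DEP_LINE.search(raw)
        if not m or m.group("group") != "org.springframework":
            continue  # skip other groups (spring-boot, spring-security, ...) and non-dependency lines
        version = parse_version(m.group("version"))
        status = "unparseable" if version is None else assess(version)
        findings.append((m.group("artifact"), m.group("version"), status))
    return findings


# Constructed sample resembling `mvn dependency:list` output, chosen to show each outcome.
SAMPLE = """\
[INFO]    org.springframework:spring-web:jar:6.2.18:compile
[INFO]    org.springframework:spring-core:jar:7.0.8:compile
[INFO]    org.springframework:spring-expression:jar:6.1.14:compile
[INFO]    org.springframework.boot:spring-boot:jar:3.5.0:compile
""".splitlines()

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{artifact:20} {version:10} {status}")
```

Feed it the real output of `mvn dependency:list` (or any line-per-artifact listing in the same shape) to audit a project; anything reported as below-fix or unsupported-line needs the upgrade the announcement recommends.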