SpringSource has issued a security advisory announcement concerning a potential vulnerability. The root cause of the vulnerability is a Sun JDK 1.5 issue with exponential compilation times when using optional groups. When a Sun JVM 1.5 driven application with spring.jar in its classpath accepts serializable data, an attacker could use a long regex string with many optional groups to consume enormous CPU resources.

Affected Versions: Spring Framework 1.1.0-2.5.6, 3.0.0.M1-3.0.0.M2; dm Server 1.0.0-1.0.2

Read the official security advisory for the complete details about the issue and how to resolve it.