Security advisory for pac4j-core on CSRF
A security vulnerability affecting the CSRF support in the pac4j-core module has been identified and fixed.
To stay safe, you SHOULD upgrade:
- If you use the 5.x line: upgrade to 5.7.11 (or newer)
- If you use the 6.x line: upgrade to 6.5.1 (or newer)
No additional details will be shared in this post.
This vulnerability was discovered by James Love.
Jérôme LELEU - May 2026