Blog | G5 Cyber Security

Major flaw in Java-based Spring Framework allows remote-code execution by attackers

Aspect Security: The open-source, Java-based Spring Framework allows remote code execution by attackers. If exploited, the vulnerability could lead to the complete compromise of an application built with it. Software developers whose applications build on Spring could be at risk. Spring will likely disable the expression-language feature by default in the next version of the Spring Framework, CEO Jeff Williams says. It is not known exactly how many Spring-developed applications are affected by this vulnerability. More than 1.3 million vulnerable instances of Spring Framework have been downloaded by more than 22,000 organizations worldwide.

Source: https://www.csoonline.com/article/2132844/major-flaw-in-java-based-spring-framework-allows-remote-code-execution-by-attackers.html
