https://bugzilla.redhat.com/show_bug.cgi?id=1881158
--- Doc Text *updated* by Eric Christensen sparks@redhat.com --- In Spring Framework, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.