Broadleaf 3.1.13-GA and 3.0.16-GA are released on Maven Central. This contains a patch to a security vulnerability in the Broadleaf admin panel that allowed an admin user to hijack another admin user's account. Customer-facing logins were unaffected. We recommend immediate upgrades to these latest versions of Broadleaf in order to patch this security vulnerability. See the details for full release notes.