Perhaps wrong affected range in CVE-2016-1000027 for spring-web

Hello! Thanks for your work!

I worked with CVE-2016-1000027 and it looks like affected range should also contain 5.3.x versions. NVD, maven repository and GitHub database include versions up to 6.0.0.

Can you take a look? Thanks in advance!

Best Regards, Dmitriy