Does the keycloak-spring-security-adapter version need to match the Keycloak server version?

We are using Keycloak server version 9.0.3. Does my application also need to use keycloak-spring-security-adapter:9.0.3 (the same as the server), or can it use the latest version?

Asking because of CVE-2020-1714 in Keycloak before v11.0.0.