
91 matches found

Spring Security Advisories
added 2024/11/26 12:0 a.m. (10 views)

This Week in Spring - November 26th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/11/24 12:0 a.m. (11 views)

Bootiful Spring Boot 3.4: Spring Batch

The new release of Spring Batch 5.2 has a ton of features! Spring Batch is a compelling way to handle large but finite sequential data access. Think: reading from an SQL database and writing to a CSV, or reading from an FTP server and writing out an analysis of a MongoDB - batch processing. You...

AI score: 7.8
Exploits: 0

Spring Security Advisories
added 2024/10/29 12:0 a.m. (14 views)

This Week in Spring - October 29th, 2024

Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/10/15 12:0 a.m. (10 views)

This Week in Spring - October 15th, 2024

Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Belgium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back ...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2024/03/19 12:0 a.m. (18 views)

This Week in Spring - March 19th, 2024

Hi, Spring fans! And happy Java 22 release day to those who celebrate! I just put out a huge blog detailing many of the exciting new features in Java 22. Check it out! As usual, we've got a packed roundup to get through this week so let's dive right into it! the Spring Authorization Server 1.3.0-...

AI score: 6.8
Exploits: 0

Spring Security Advisories
added 2024/03/13 12:0 a.m. (15 views)

Spring Tips: Spring Batch Remote Partitioning, your easy button for data scale!

Hi, Spring fans! In this installment, Spring Developer Advocate Josh Long looks at how to use Spring Batch's remote partitioning support to easy-button your data processing scale out strategies. postgresql ai datascience data springboot java java21...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/02/28 12:0 a.m. (28 views)

This Week in Spring - February 27th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring wherein we explore the latest-and-greatest in the wonderful world of Springdom. This week's going to be a very good one, so let's dive right into it! good news everyone! Spring Boot's been updated! 3.3.0-M2, 3.2.3, and 3.1.9 a...

AI score: 7
Exploits: 0

Spring Security Advisories
added 2023/03/16 12:0 a.m. (15 views)

A Bootiful Podcast: Spring Batch lead Mahmoud Ben Hassine on the latest and greatest in 2023

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long @starbuxman talks to Spring Batch lead Mahmoud Ben Hassine @FMBENHASSINE about the latest and greatest in Spring Batch. notes Submit your talk to SpringOne@Explore, being held August 21-24, 2023,...

AI score: 0.6
Exploits: 0

Spring Security Advisories
added 2023/02/15 12:0 a.m. (17 views)

This Week in Spring - February 14th, 2023

Hi, Spring fans! It's early Tuesday morning for me. I'm preparing to head to Chicago, Illinois to meet some customers and have myself a grand ol' time in the windy city. I hope you're doing well, I certainly am. A Bootiful Podcast: opensource, Spring Cloud, and Kubernetes maestro Abel Salgado...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2022/10/24 7:0 a.m. (84 views)

This Week in Spring - October 25th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! I'm in sunny Singapore, then off to Malaysia and Thailand. It's the first time I've been to any of these places since 2019! How good it is to be...

AI score: 4.8 | EPSS: 0.00604
Exploits: 0

Spring Security Advisories
added 2022/10/18 7:0 p.m. (15 views)

This Week in Spring - October 18th, 2022

Hi, Spring fans! How're you doin'? I'm doin' alright! Last week I was in Antwerp, Belgium, for the amazing Devoxx BE show. I did a presentation with my friend and hero James Ward on Spring and Kotlin that was voted third most-liked talk at a show with more than 250 speakers! That was a personal caree...

AI score: 0.6
Exploits: 0

Spring Security Advisories
added 2022/10/11 7:0 a.m. (15 views)

This Week in Spring - October 11th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I write this installment as I pack and prepare for my trip to Antwerp, Belgium, for the always-amazing Devoxx show in Antwerp, Belgium. I've so missed this show over the pandemic and am so looking forward to returning. I hope ...

Exploits: 0

Spring Security Advisories
added 2022/09/27 7:0 a.m. (15 views)

This Week in Spring - September 27th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the last week of September, already! The year's more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but I'm still excite...

AI score: 7.4
Exploits: 0

Spring Security Advisories
added 2022/08/30 7:0 a.m. (15 views)

This Week in Spring - August 30th, 2022

Hi, Spring fans! How are you? How're you doin' this fine Tuesday morning? I'm doing well, of course, because this week VMware's tentpole show - VMware Explore - is happening not even a mile from my home, here in San Francisco! And this is just the first one - there'll be another show, my favorite show...

AI score: 0.3
Exploits: 0

vulnersOsv
added 2022/05/24 5:20 p.m. (0 views)

ca.uhn.hapi.fhir:hapi-fhir-cli-api (=5.1.0), ca.uhn.hapi.fhir:hapi-fhir-cli-jpaserver (=5.1.0) +152 more potentially affected by CVE-2020-5411 via org.springframework.batch:spring-batch-core (>=4.0.0.RELEASE <=4.2.2.RELEASE)

org.springframework.batch:spring-batch-core MAVEN version =4.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =4.2.0, =4.2.0, =3.0.0, =2020.08.001 and more Source cves: CVE-2020-5411 Source advisory: OSV:GHSA-4PH4-Q9R5-6WM6...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.01856
Exploits: 0

Github Security Blog
added 2022/05/24 5:20 p.m. (21 views)

Deserialization of Untrusted Data in Spring Batch

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.01856
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/24 5:20 p.m. (21 views)

GHSA-4PH4-Q9R5-6WM6 Deserialization of Untrusted Data in Spring Batch

When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.01856
Exploits: 0 | References: 3

Github Security Blog
added 2022/05/17 1:57 a.m. (3 views)

Spring Batch Admin vulnerable to Stored Cross-site scripting (XSS) in the file upload functionality

Stored cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00644
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2022/05/17 1:57 a.m. (3 views)

Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00794
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/17 1:57 a.m. (3 views)

GHSA-274R-P6V6-FHH4 Spring Batch Admin vulnerable to Cross-site request forgery (CSRF) in the file upload functionality

Cross-site request forgery (CSRF) vulnerability in the Spring Batch Admin before 1.3.0 allows remote attackers to hijack the authentication of unspecified victims and submit arbitrary requests, such as exploiting the file upload vulnerability...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00794
Exploits: 0 | References: 3