A Bootiful Podcast: My friend Anthony Dahanne on Buildpacks, Production, Docker images, and more

Salut fans de Spring! In this installment I'm joined by the legendary Anthony Dahanne. If you've enjoyed success in production using Spring's built-in spring-boot:build-image capability, you've got today's guest Anthony to thank for it!...

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

This Week in Spring - March 25th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I’m in Portland, OR, then I'm off to Austin, TX for the Arc of AI show, and then I'm off to Amsterdam for Voxxed Days Amsterdam! If you're around, be sure to say hi! There's a ton of cool stuff to look at, so witho...

CicadasCMS 注入漏洞

CicadasCMS is a content management framework developed based on SpringBoot Mybatis SpringSecurity Vue by westboy Individual Developer in China. An injection vulnerability exists in CicadasCMS version 1.0, which stems from vulnerability to SQL injection attacks...

starsea-mall 代码注入漏洞

starsea-mall is a springboot +thymeleaf based Xiaomi mall management system by StarSea99 individual developer. A code injection vulnerability exists in starsea-mall version 1.0, which originates from cross-site scripting and may lead to remote attacks...

CVE-2025-2334

A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access...

CVE-2025-2323

CVE-2025-2323 concerns a vulnerability in the 274056675 springboot-openai-chatgpt project where the function updateQuestionCou in /api/mjkj-chat/chat/mng/update/questionCou of the Number of Question Handler can be manipulated to enforce a behavioral workflow. Exploitation is described as remote. ...

springboot-openai-chatgpt 安全漏洞

springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt, which stems from hard-coded credentials and could lead to remote attacks...

springboot-openai-chatgpt 安全漏洞

springboot-openai-chatgpt is a SpringCloud microservices architecture based on SpringCloud by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from a business logic error and could lead to a remote attack...

springboot-openai-chatgpt 安全漏洞

springboot-openai-chatgpt is a SpringCloud microservices based architecture by 274056675 individual developers. A security vulnerability exists in springboot-openai-chatgpt that stems from improper authorization and could lead to remote attacks...

This Week in Sprng - March 11th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's a busy week as always, fresh off the rush that was Devnexus and busily preparing for the fun that is JavaOne! It's going to be epic! want to learn about dependency injection, auto-configuration, Spring Framework, Spring...

starsea-mall 安全漏洞

starsea-mall is a springboot +thymeleaf based Xiaomi mall management system by StarSea99 individual developer. A security vulnerability exists in starsea-mall version 1.0, which stems from improper manipulation of the userId parameter, which may lead to improper access control...

Linux Distros Unpatched Vulnerability : CVE-2023-20883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service...

This Week in Sprng - March 4th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring , and Happy Devnexus 2025 to those who celebrate! That's right sports fans, I'm off to awesome Atlanta, Georgia later today for Devnexus, one of the world's largest annual gatherings of Java community and luminaries alike. I'l...

Mini-Tmall 跨站脚本漏洞

Mini-Tmall is Mini-Tmall open source Spring Boot based on a comprehensive B2C e-commerce platform . Used to build an e-commerce platform to provide commodity trading services. A cross-site scripting vulnerability exists in Mini-Tmall 20250211 and previous versions. Attackers can use the...

com.alilitech:boot-plus-log (>=2.1.0 <=2.1.5), com.github.linyuzai:concept-plugin-spring-boot-starter (>=2.0.0 <=3.0.0) +19 more potentially affected by CVE-2025-27152 via org.webjars.npm:axios (>=1.15.2 <=1.7.2)

org.webjars.npm:axios MAVEN version =1.15.2, =2.1.0, =2.0.0, =1.0.3, =1.0.0, =2.1.1, =1.0.0, =1.0.0, =2.1.3, =2.0.0, =1.0.2, =4.22.2, =4.22.2, =0.0.1, =1.0.0 - org.webjars.npm:posthog-node =4.17.1 and more Source cves: CVE-2025-27152 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9376923...

This Week in Spring - February 25th, 2025

Hi, Spring fans, and welcome to another rip-roarin' installment of This Week in Spring! Later today I'll board a plane for magnificent Montreal, Canada for the amazing Confoo conference! I'm super excited! Good news everybody! Spring Boot 3.5.0-M2 is now available! In last week's installment of t...

A Bootiful Podcast: BellSoft's Catherine Edelveis

Hi, Spring and JDK fans! In this week's episode I talk to BellSoft developer advocate Catherine Edelveis java springboot jre jdk graalvm CRaC...

A Bootiful Podcast: Spring Boot and Spring Initializr legend Moritz Halbritter

Hi, Spring fans! In this installment I talk to Spring Boot and Spring Initializr legend Moritz Halbritter...

This Week in Spring - February 11th, 2025

Hi, Spring fans! It's almost Valentine's day, and let me just say: I love the Spring community! It's such an exciting and interesting place to be. Thank you everyone for all that you do. I'm busy preparing for ConFoo, in Montreal, Canada, and for Devnexus, in Atlanta, Georgia. If you're around be...