1241 matches found
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8 for Spring Boot security update.
Red Hat build of Apache Camel 4.8 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
This Week in Spring - November 26th, 2024
This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...
HTTP/3 support in Reactor 2024.0 Release Train
HTTP/3, the latest major version of the Hypertext Transfer Protocol, had its specification finalized in June 2022. This version is designed to enhance performance, reliability, and security. Unlike its predecessors, HTTP/3 utilizes QUIC instead of TCP as its transport layer. QUIC is a UDP-based,...
Bootiful Spring Boot 3.4: Start Here
Hi, Spring fans! And happy Spring Boot 3.4 release to those who celebrate! I know, I know what you're thinking: Josh, Spring Boot 3.4 already shipped! I know it. Spring Boot 3.4 dropped a week earlier this year! In the last couple of years, we’ve released Spring Boot on the same day as Thanksgivi...
This Week in Spring - November 19th, 2024
Hi, Spring fans! How are you? Can you believe we're already staring at the end of the month? It's that time of the year when we see new releases, and the new releases reflect that frenzy! Soon: Spring Boot 3.4.0! Are you updated? Make sure you're updated! Remember: Spring projects leave open sour...
Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.4 for Spring Boot security update.
Red Hat build of Apache Camel 4.4.4 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
CVE-2024-52302
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...
Exploit for CVE-2024-52302
CVE-2024-52302: Unrestricted File Upload Vulnerability in Comm...
CVE-2024-52302
CVE-2024-52302 affects the Spring Boot app common-user-management, specifically the /api/v1/customer/profile-picture endpoint. The vulnerability arises from unrestricted file uploads without proper validation or restrictions, allowing attackers to upload arbitrary files that can lead to Remote Co...
CVE-2024-52302 common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...
CVE-2024-52302 common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...
CVE-2024-52302 common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE)
common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper...
Security Bulletin: IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot
Summary IBM B2B Sterling Integrator is vunerable to information disclosure due to Spring Boot Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or Spring WebFlux or...
Java-springboot-codebase 代码问题漏洞
Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects from osama individual developers. A code issue vulnerability exists in Java-springboot-codebase that stems from allowing files to be uploaded without proper authentication or restrictions...
ai.ancf.lmos-router:benchmarks (=0.2.0), ai.ancf.lmos-router:lmos-router-hybrid (=0.2.0) +23017 more potentially affected by CVE-2024-47535 via io.netty:netty-common (>=4.0.0.Alpha1 <=4.1.114.Final)
io.netty:netty-common MAVEN version =4.0.0.Alpha1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.4.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0...
This Week in Spring - November 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...
This Week in Spring - November 5th, 2024
This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...
IceCMS File Upload Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation . A file upload vulnerability exists in IceCMS 3.4.7 and earlier versions, which stems from the lack of validation of uploaded files in the uploadFile method of FileUtils.java. An attacker can use...
This Week in Spring - October 29th, 2024
Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...
Let’s use OpenTelemetry with Spring
Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...