Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.

Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

This Week in Spring - July 23rd, 2024

Hi, Spring fans! It's such an exciting time to be alive! I hope you're doing well. It's nearly the end of July, already! Time is flying and as always the community has not disappointed with their incredible content. Let's dive right into it! have you registered for SpringOne 2024 yet? I love this...

Mini-Tmall Security Breach

Mini-Tmall is a Spring Boot based mini-Tmall mall, fast deployment and running, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can obtain sensitive information by exploiting the vulnerability...

Mini-Tmall 安全漏洞

Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a bijou template . SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

Mini-Tmall Security Breach

Mini-Tmall is a Spring Boot based mini-Tmall mall, fast deployment and running, suitable for use as a Bijou template. A security vulnerability exists in Mini-Tmall version v2024.07.03. An attacker can exploit the vulnerability to upload arbitrary files via the component uploadUserHeadImage...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus versions prior to 2024.07.03, which stems from vulnerability to SQL injection attacks...

my-springsecurity-plus Security Vulnerabilities

my-springsecurity-plus is a SpringBoot and SpringSecurity based RBAC backend privilege management system by codermy individual developer. A security vulnerability exists in my-springsecurity-plus prior to 2024.07.03, which stems from some unknown functionality in file/api/dept, where manipulation...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in the file /api/dept/buil...

my-springsecurity-plus SQL Injection Vulnerability

my-springsecurity-plus is an RBAC backend privilege management system based on SpringBoot and SpringSecurity by codermy individual developer. A SQL injection vulnerability exists in my-springsecurity-plus prior to version 2024.07.03, which stems from an unknown function in file/api/role, where...

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

This Week in Spring - July 2nd, 2024

Hi, spring fans! Welcome to another amazing installment of This Week in Spring! In last week's installment of A Bootiful Podcast, recorded a few weeks ago at Spring IO, I talked with Spring Security legend Laur Spilca In last week's installment of Spring Tips, I looked at a number of ways you cou...

Spring Tips: Testcontainers, Docker Compose, and Service Connections, oh my

Hi, Spring fans! In this installment, we look at the amazing service connection mechanism in Spring Boot. Service connections are what allow Spring Boot to connect to Testcontainers or Docker Compose containers for supporting infrastructure like SQL databases, middleare, and more. java...

Spring Tips: Go Further, Faster with Spring Boot 3.3 (UPDATED)

NB: I had an error in the AppCDS demo in the older video. This video supercedes that video, with a re-recorded segment on AppCDS. Make sure you're watching the latest of these two similarly titled videos! Hi, Spring fans! In this installment we look at ways to make your applications go further,...

Spring Tips: Further, Faster with Spring Boot 3.3

Hi, Spring fans! In this installment we look at ways to make your applications go further, faster, with AppCDS, GraalVM, AOT on the JRE, and Project CRaC coordinate restore at checkpoint springboot java graalvm programming coding...

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34053 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to VMware Tanzu Spring Boot arbitrary denial of service vulnerability ( CVE-2023-34053)

Summary Potential VMware Tanzu Spring Boot arbitrary denial of service vulnerability CVE-2023-34053 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details...