This Week in Spring - June 18th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...
This Week in Spring - June 11th, 2024
This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.6 for Spring Boot security update.
Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...
This Week in Spring - June 4th, 2024
Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from doing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...
This Week in Spring - May 27th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it will be! I'm in Venice, Italy, on a little vacation, but tomorrow I begin a quick journey to beautiful Sofia, Bulgaria, where I'll be speaking at the amazing JPrime software show; it's my first time speaking...
lenosp cross-site scripting vulnerability
Lenosp is a Spring Boot 2.0 rapid development modular scaffolding organized by Zhengzhou Programmers zzdevelop in China. A cross-site scripting vulnerability exists in lenosp 20230831 and earlier versions, which stems from a cross-site scripting (XSS) vulnerability in the username parameter of the...
SBOM support in Spring Boot 3.3
Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...
spring-boot: org.springframework.boot: spring-boot-actuator class vulnerable to denial of service
In Spring Boot versions 2.7.0-2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring M...
A Bootiful Podcast: Tagir Valeev, Fellow Java Champion and IntelliJ IDEA Java legend
Hi, Spring fans! In today's installment we talk to Tagir Valeev, a fellow Java Champion and IntelliJ IDEA Java legend. Also: don't forget to try out the just-released Spring Boot 3.3 release!...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7626 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-29857 Source...
This Week in Spring - May 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output suppo...
A Bootiful Podcast: Spring Boot cofounders Phil Webb and Dr. David Syer on the occasion of the 10th Anniversary of Spring Boot 1.0
Hi, Spring fans! In this installment I talk to cofounders Phil Webb and Dr. David Syer, on the occasion of the 10th Anniversary of Spring Boot...
CVE-2024-29466
Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component...
spring boot online exam security vulnerability
Online Exam System is an online exam system by orotnom23 individual developers. A security vulnerability exists in spring boot online exam version v.0.9. An attacker can exploit this vulnerability to execute arbitrary code via the FileTransUtil.java component...
This Week in Spring - Tuesday, April 23rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! We've had a really busy, wonderful week, as always, so let's dive right into it! We want you! ...to submit a talk to SpringOne 2024, in sunny Las Vegas! Hurry, the CFP closes May 3rd! Spring Shell 3.1.11, 3.2.4, and 3.3.0-m1...
Spring Tips: GRPC
Hi, Spring fans! In this installment, we look at how to create GRPC-based services with Spring Boot...
SQL Injection Vulnerability in SpringBlade of Shanghai Breadtech Co.
SpringBlade is a microservice architecture upgraded and optimized from a commercial-grade project, built with core technologies such as Spring Boot 2.5 and Spring Cloud 2020, and fully following Alibaba coding standards. SpringBlade has a SQL injection vulnerability; attackers can use the...
web-flash security vulnerability
web-flash is an enilu open source web system based on Spring Boot and Vue.js. A security vulnerability exists in web-flash version v3.0, which originated from a vulnerability that allows an attacker to reset an arbitrary user's password via a crafted POST request...