1241 matches found
Important: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.3 release security update
Red Hat Integration Camel for Spring Boot 4.0.3 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 3.20.5 release and security update
Red Hat Integration Camel for Spring Boot 3.20.5 release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Spring Tips: Spring Boot Testjars
Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...
Spring Tips: Spring AI
Hi, Spring fans! In this installment we'll look at the new Spring AI project, which provides convenient integrations with LLMs like the one behind ChatGPT and tools to support the RAG retrieval augmented generation pipeline. ai springboot artificialintelligence java graalvm cloud java21 postgresq...
Security Bulletin: IBM Sterling Control Center vulnerable to denial of service due to Spring Boot and remote code execution due to Spring Framework
Summary IBM Sterling Control Center containerized image uses VMWare Tanzu Spring Boot and Pivotal Spring Framework. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-20883 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial...
This Week in Spring - February 6th
Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! in last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC 1 Billion Row Challenge...
com.epam.reportportal:service-authorization (>=5.11.0 <=5.11.1), com.erudika:para-jar (=1.49.0) +51 more potentially affected by CVE-2023-34042 via org.springframework.security:spring-security-config (>=5.8.4 <=5.8.6)
org.springframework.security:spring-security-config MAVEN version =5.8.4, =5.11.0, =1.73.40, =1.73.40, =1.73.40, =1.73.40, =2.35.0, =2.14.0, =2.14.0, =11.3.6, =11.3.6, =11.3.6, =11.3.6, =11.4.2 and more Source cves: CVE-2023-34042 Source advisory: OSV:GHSA-9GP8-6CG8-7H34...
com.almis.awe:awe-annotation (>=4.7.1 <=4.7.7), com.almis.awe:awe-annotations-spring-boot-starter (>=4.7.1 <=4.7.7) +28 more potentially affected by CVE-2023-34042 via org.springframework.security:spring-security-config (>=6.0.4 <=6.0.6)
org.springframework.security:spring-security-config MAVEN version =6.0.4, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.1, =4.7.7 - com.giffing.wicket.spring.boot.starter:wicket-spring-boot-starter =4.0.0-M1 and more Source cves:...
springboot-manager Security Vulnerability
springboot-manager is a backend management system based on SpringBoot + Thymeleaf + Layui + Apache Shiro + Redis + Mybatis Plus by Chinese liwenbin individual developer. A security vulnerability exists in springboot-manager v1.6, which originates from an easy cross-site scripting attack via...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in VMware Tanzu Spring Boot
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of VMware Tanzu Spring Boot . Vulnerability Details CVEID:CVE-2023-34055 DESCRIPTION: VMware Tanzu Spring Boot is vulnerable to a denial of service, caused by a flaw when application uses Spring MVC or...
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to snappy-java information disclosure vulnerabilitiy [CVE-2023-20883]
Summary Potential VMware Tanzu Spring Boot denial of service, vulnerability caused by a flaw when Spring MVC is used together with a reverse proxy cache have been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details fo...
Spring Tips: easy CQRS with Axon Framework
Hi, Spring fans! In this installment I'm joined by Axon Framework founder Allard Buijze and we look at the new integrations for Spring Boot developers in Axon Framework and AxonIQ Server. Special thanks to AxonIQ for the keynote video replay. Check out for more great stuff! java java21 axon...
This Week in Spring - January 30th, 2024
Hi, Spring fans! It's January 30th, and it's a very special week for me as, tomorrow, I celebrate my birthday and the birthday of my biological father with whom I share the same birthday! Happy birthday, dad! Sadly, he passed in 2019. I'm pretty excited! I'm turning 40. Feels good. Almost as good...
Spring Framework server Web DoS Vulnerability
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
CVE-2024-22233
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
Memory corruption
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
CVE-2024-22233
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
CVE-2024-22233 CVE-2024-22233: Spring Framework server Web DoS Vulnerability
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....
CVE-2024-22233
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC Spring Security 6.1....