The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

This Week in Spring - January 17th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I went to Helsinki, Finland, last week, and this week I'm in Atlanta, Georgia, to speak at the Atlanta Java User Group. And, of course, next week, I'll be in New York to join a viewing party for the airing of SpringOne...

The new Spring Boot version validation and upgrade support in Spring Tools

New releases of Spring Boot are being released on a quite frequent schedule and updating your projects to newer versions of Spring Boot is something that many teams and organizations around the globe do as part of their daily work. Sometimes those upgrades are simple and easy, for example for new...

Apache Shiro Interpretation Conflict vulnerability

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

GHSA-7CXR-H8WM-FG4C Apache Shiro Interpretation Conflict vulnerability

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

DEBIAN-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

UBUNTU-CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

Authentication flaw

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

CVE-2023-22602

The CVE-2023-22602 issue affects Apache Shiro before 1.11.0 when used with Spring Boot 2.6+ and can allow an authentication bypass via a specially crafted HTTP request. The bypass arises because Shiro and Spring Boot may use different Ant-style pattern matching, causing access controls to be impr...

CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

CVE-2023-22602

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

CVE-2023-22602 Apache Shiro before 1.11.0, when used with Spring Boot 2.6+, may allow authentication bypass through a specially crafted HTTP request

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot 2.6 default to Ant sty...

Apache Shiro 安全漏洞

Apache Shiro is a suite of Java security frameworks for performing authentication, authorization, encryption, and session management from the Apache Foundation USA. A security vulnerability exists in Apache Shiro versions prior to 1.11.0, which stems from a specially crafted HTTP request that cou...

favorites-web 跨站脚本漏洞

Favorites-web Cloud Favorites is an open source website built with Spring Boot by the individual developer Pure Smile ityouknow. A cross-site scripting vulnerability exists in favorites-web, which stems from some unknown functionality in its Comment Handler component that allows an attacker to...

PT-2023-8779 · Apache +2 · Apache Shiro +2

Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.11.0 Spring Boot versions 2.6+ Description: The issue is related to a conflict of interpretations between Apache Shiro and Spring Boot, which can be exploited by a remote attacker using a specially crafted HTT...

This Week in Spring - January 9th, 2023

Hi, Spring fans! As I write this Im on a plane winging my way to Helsinki, Finland. A new year and new journeys begin. Its going to be cold there. Wish me luck! Do you know what always warms me up? The thrill of learning. And this weeks no different. This week weve got some good stuff line up so...