This Week in Spring - Happy New Year 2023 edition - December 27th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's 27 December as I write this and - being honest - I couldn't be happier. It's raining outside. I'm in a warm cozy office. Good music is playing. People are asleep in my home. I can hear the raindrops and wind outside the...
kkFileView cross-site scripting vulnerability (CNVD-2023-00013)
kkFileView is a Spring Boot based online file and document preview project from the Chinese company Keking Technology. A cross-site scripting vulnerability exists in kkFileView, stemming from the setWatermarkAttribute function in the /picturesPreview file, which allows an attacker to implemen...
Spring Boot 3.0.1 available now
On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.1 has been released and is now available from Maven Central. This release includes 54 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with iss...
Moderate: Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.2 update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications, monoliths and microservices, for OpenShift as a containerized platform. This release of Red H...
club.mrxiao:express-java-common (>=1.0.0 <=1.0.2), club.mrxiao:express-java-jdl (>=1.0.0 <=1.0.2) +263 more potentially affected by CVE-2022-45689 via cn.hutool:hutool-json (>=4.0.0 <=5.8.10)
cn.hutool:hutool-json (Maven). Affected version ranges of the dependent packages start at 4.0.0, 1.0.0, 1.0.0, 1.0.0, 1.0.0, 1.0.0, 2.0.3, 2.0.5, 2.0.1.B, 2.0.1.B, 2.0.1.B, 1.0.1, 1.0.3 and more. Source CVE: CVE-2022-45689. Source advisory: OSV:GHSA-FXRC-HG6J-6V3X...
This Week in Spring - December 13th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I truly, absolutely, can not believe that we're nearly done with the year already! Have you made your new year's resolutions? Submitted your expense reports? It's that time of the year when I'm going to start focusing on staying...
FS-Blog cross-site scripting vulnerability
FS-Blog is a personal blog based on Spring Boot by the individual developer zbl1996. A security vulnerability exists in FS-Blog. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
CVE-2022-46166
Spring Boot Admin is an open source administrative user interface for management of Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and write access to environment variables via the UI are affected. Users are advised to upgrade to th...
Spring Boot Admin's integrated notifier support allows arbitrary code execution
Impact: All users who run Spring Boot Admin Server with Notifiers enabled (e.g. Teams-Notifier) and write access to environment variables via the UI are possibly affected. Patches: In the most recent releases of Spring Boot Admin, 2.6.10 and 2.7.8, the issue is fixed by implementing SimpleExecutionConte...
CVE-2022-46166
The CVE affects Spring Boot Admin deployments running Spring Boot Admin Server where Notifiers (e.g. Teams-Notifier) are enabled and users have write access to environment variables via the UI. The root cause is code execution reachable through the /env actuator endpoint, enabling an attacker to inject or e...
spring-boot-admin code injection vulnerability
spring-boot-admin is an open source backend management system based on Spring Boot and MyBatis, with three functions (user management, menu management and role management) and permission control down to the button level. A code injection vulnerability exists in spring-boot-admin versions prior to 2.6.10 and...
PT-2022-27781 · Unknown · Spring-Boot-Admin
Name of the Vulnerable Software and Affected Versions: Spring Boot Admin versions prior to 2.6.10; Spring Boot Admin versions prior to 2.7.8. Description: The issue affects users who run Spring Boot Admin Server with enabled Notifiers and write access to environment variables via the UI. This allows fo...
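The CVE-2022-46166 entries above describe the attack path (an attacker who can write environment variables through the UI controls a notifier's message template) and the advisory entry describes the fix as swapping the expression evaluation context. The following is an added example, not Spring Boot Admin's own code: a hypothetical notifier class that renders a SpEL message template first with a StandardEvaluationContext (the unrestricted pattern) and then with Spring's SimpleEvaluationContext (read-only property access only). The class, the InstanceInfo root object and the templates are constructed for illustration; the only assumption is that spring-expression is on the classpath.

```java
import org.springframework.expression.EvaluationException;
import org.springframework.expression.Expression;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.ParserContext;
import org.springframework.expression.common.TemplateParserContext;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.SimpleEvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;

/**
 * Hypothetical notifier (not Spring Boot Admin's code) that renders an
 * operator-configurable SpEL message template against a root object
 * describing the monitored instance. In the CVE-2022-46166 scenario the
 * template is the attacker-controlled input: whoever can write it (e.g. via
 * an exposed /env endpoint) chooses the expression that gets evaluated.
 */
public class NotifierTemplateDemo {

    /** Constructed stand-in for the data a notifier exposes to its template. */
    public static class InstanceInfo {
        private final String name;
        private final String status;

        public InstanceInfo(String name, String status) {
            this.name = name;
            this.status = status;
        }

        public String getName() { return name; }
        public String getStatus() { return status; }
    }

    private static final ExpressionParser PARSER = new SpelExpressionParser();
    // Template syntax "... #{expr} ..." as used by SpEL message templates.
    private static final ParserContext TEMPLATE = new TemplateParserContext();

    /**
     * Vulnerable pattern: StandardEvaluationContext permits type references
     * (T(...)), constructors, bean references and arbitrary method calls, so a
     * template written by an attacker runs with the server's privileges.
     */
    static String renderUnsafe(String template, InstanceInfo info) {
        Expression expr = PARSER.parseExpression(template, TEMPLATE);
        return expr.getValue(new StandardEvaluationContext(info), String.class);
    }

    /**
     * Hardened pattern: SimpleEvaluationContext limited to read-only property
     * access on the root object. Type references and method invocation are
     * rejected with an EvaluationException instead of being executed.
     */
    static String renderSafe(String template, InstanceInfo info) {
        Expression expr = PARSER.parseExpression(template, TEMPLATE);
        SimpleEvaluationContext ctx = SimpleEvaluationContext.forReadOnlyDataBinding().build();
        return expr.getValue(ctx, info, String.class);
    }

    public static void main(String[] args) {
        InstanceInfo info = new InstanceInfo("payment-service", "DOWN");
        String benign = "Instance #{name} is #{status}";
        // Constructed proof-of-concept payload: reads a JVM property through a
        // type reference. A real attacker would substitute
        // T(java.lang.Runtime).getRuntime().exec(...) here.
        String hostile = "#{T(java.lang.System).getProperty('java.version')}";

        System.out.println("unsafe/benign : " + renderUnsafe(benign, info));
        // Prints the JVM version: the attacker-supplied expression executed.
        System.out.println("unsafe/hostile: " + renderUnsafe(hostile, info));
        System.out.println("safe/benign   : " + renderSafe(benign, info));
        try {
            System.out.println("safe/hostile  : " + renderSafe(hostile, info));
        } catch (EvaluationException e) {
            System.out.println("safe/hostile  : rejected (" + e.getMessage() + ")");
        }
    }
}
```

The benign template renders identically in both modes, which is the practical check that the restricted context does not break legitimate notifier messages; only the expression that reaches outside the root object is refused. Restricting the context is a second line of defence: the first is not exposing writable actuator endpoints such as /env to anyone who is not a trusted administrator.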
Moderate: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update
A minor version update from 3.14.5 to 3.18.3 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
A Bootiful Podcast: Vaadin's Marcus Hellberg on rich UIs, Spring Boot 3, GraalVM native images, and more
Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Vaadin's Marcus Hellberg @marcushellberg about rich UIs, Vaadin Flow, the new Hilla Framework, GraalVM native image compilation, and so much more...