A Bootiful Podcast: Vaadin's Marcus Hellberg on rich UIs, Spring Boot 3, GraalVM native images, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Vaadins Marcus Hellberg @marcushellberg about rich UIs, Vaadin Flow, the new Hilla Framework, GraalVM native image compilation, and so much more...

This Week in Spring - December 6th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? You know what Ive wanted to do? See my friends on the Spring team in person since the pandemic descended. And, Im overjoyed to relate, Ive just had the privilege of a nice meeting with several of them last night...

Spring WS Samples upgraded for Spring Boot 3.0!

With the recent announcement of Spring Boot 3.0 going GA, some of you may be interested in upgrading your Spring Web Services-based applications to take full advantage of this. The Spring WS team has upgraded our set of sample apps to help you carry that out. The main branch now tracks the versio...

This Week in Spring - November 29th, 2022 (Spring Boot 3 has arrived)

Hi, Spring fans! Its here! Its finally here, at long last! Spring Boot 3!! And of course with Spring Boot 3.0 comes a whole portfolio of integrated projects that have also been updated! Remember, a huge theme in this release is support for GraalVM native images, and thats now supported across the...

Exploit for Code Injection in Vmware Spring_Framework

Spring Boot CVE-2022-22965 Docker PoC for CVE-2022-22965 with...

Spring Tips: the road to Spring Framework 6: the new Ahead-of-Time Compilation Engine and GraalVM

Hi, Spring fans! Spring Boot 3 is here or will be tomorrow, on the 24th of November, 2022, to be more precise!, bringing a fantastic new Ahead-of-Time AOT compilation engine that supports GraalVM native images. Join me, and well dive deep into the engine and its interactions with the Spring...

This Week in Spring - November 22nd, 2022 - Spring Boot 3 and Thanksgiving edition!

Hi, Spring fans! Its Tuesday, the 22nd of November, 2022, as I write this, which means were two days away from Spring Boot 3 and Thanksgiving. Spring Boot 3, Ive written about in abundance so I wont rehash that. If you want to learn more about some of the amazing new features in Spring Framework ...

This Week in Spring - November 15th, 2022

Hi, Spring fans! Howre you doin this fine Tuesday morning? Ive returned home to San Francisco and am up and at em nice and early to catch a flight to Seattle, where Ill speak at the Java User Group tonight. If youre in Seattle, dont miss it! Weve got a ton of cool stuff to get into this week, but...

io.github.talelin:lin-cms-spring-boot-autoconfigure (>=0.0.1-RC1 <=0.2.0-RELEASE), io.github.talelin:lin-cms-spring-boot-starter (>=0.0.1-RC1 <=0.2.0-RELEASE) potentially affected by CVE-2022-44244 via io.github.talelin:lin-cms-core (>=0.0.1-RC2 <=0.2.0-RELEASE)

io.github.talelin:lin-cms-core MAVEN version =0.0.1-RC2, =0.0.1-RC1, =0.0.1-RC1, =0.2.0-RELEASE Source cves: CVE-2022-44244 Source advisory: OSV:GHSA-4VRC-Q7M6-VQ7W...

Updates on Spring Cloud Stream 4.0.0 Schema Registry Support

This blog gives an update on the Schema Registry support that is part of Spring Cloud Stream version 4.0.x. Many enterprises use a schema registry for schema evolution use cases, such as the Confluent Schema Registry. Starting with version 1.1.x of Spring Cloud Stream until 3.0.0, we provided a...

CVE Report Published for Spring Tools

We have released STS 4.16.1 for Eclipse and Spring VSCode extensions 1.40.0 to address the following CVE report: - CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode Please review the information in the CVE report and upgrade immediately. Eclipse: STS...

PT-2022-20891 · Spring · Spring Boot Tools +1

Name of the Vulnerable Software and Affected Versions: Spring Tools 4 for Eclipse version 4.16.0 and below Spring Boot Tools version 1.39.0 and below Concourse CI Pipeline Editor version 1.39.0 and below Bosh Editor version 1.39.0 and below Cloudfoundry Manifest YML Support version 1.39.0 and bel...

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 Demo Overview A simple Spring Boot applicat...

Exploit for Authorization Bypass Through User-Controlled Key in Vmware Spring_Security

CVE-2022-31692 Demo Overview A simple Spring Boot applicat...

com.bstek.uflo:uflo-console (>=2.0.0 <=2.1.5), com.syyai.spring.boot:uflo-spring-boot-starter (=2.1.4) +1 more potentially affected by CVE-2022-25894 via com.bstek.uflo:uflo-core (>=2.0.0 <=2.1.5)

com.bstek.uflo:uflo-core MAVEN version =2.0.0, =2.0.0, =2.0, =2.5.1.v20220215 Source cves: CVE-2022-25894 Source advisory: SNYK:JAVA-COMBSTEKUFLO-3091112...

Bootiful Podcast: Spring Mad Scientist Andy Clement on SpringOne 2022, AOT, Azure Spring Apps, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Spring mad scientist Andy Clement @andyclement about the new native support in Spring Boot 3, SpringOne 2022, and Azure Spring Apps, among other things...

Spring Tips: the road to Spring Boot 3: Spring Framework 6

Hi, Spring fans! In this installment, we begin a journey to Spring Boot 3, due end of November 2022. In this installment, well look - at a very high level - at some of the amazing features in Spring Framework 6, which underpins Spring Boot 3. Want to learn more about Spring Framework 6 and Spring...

Important: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.14.5 release and security update

A minor version update from 3.14.2 to 3.14.5 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

This Week in Spring - October 25th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! Im in sunny Singapore, then off to Malaysia and Thailand. Its the first time Ive been to any of these places since 2019! How good it is to be...

MAL-2022-6269 Malicious code in spring-boot-devtools (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 24c0313226e487a37c9158c78bc620c0306eb778d0aa789677c0c77811785295 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...