Malicious code in spring-boot-devtools (npm)
Source: ghsa-malware 24c0313226e487a37c9158c78bc620c0306eb778d0aa789677c0c77811785295 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Introducing Spring Modulith
When designing software systems, architects and developers have plenty of architectural options to choose from. Microservice-based systems have become ubiquitous in the last couple of years. However, the idea of monolithic, modular systems has also regained popularity recently. Independent of the...
CVE-2022-31684: Reactor Netty HTTP Server may log request headers
The Reactor Netty 1.0.24 release on October 11 included a fix for CVE-2022-31684 affecting Reactor Netty HTTP Server. Users are encouraged to update as soon as possible. Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot...
cn.fossc.polaris.framework:basic-framework-spring-boot-starter (>=3.0.9 <=3.0.33), cn.fossc.polaris.framework:polaris-framework-boot (>=3.0.1 <=3.0.33) +29 more potentially affected by CVE-2022-39198 via org.apache.dubbo:dubbo (>=3.0.0 <=3.0.11)
org.apache.dubbo:dubbo MAVEN version =3.0.0, =3.0.9, =3.0.1, =3.0.1, =3.0.1, =1.2.1, =1.2.2 - com.github.shijingsh:common-dubbo =1.6.1 - com.github.shijingsh:common-dubbo-nacos =1.6.1 - com.github.shijingsh:common-web =1.6.1 - com.github.shijingsh:xs-entity =1.6.1 - com.github.shijingsh:xs-job...
This Week in Spring - October 18th, 2022
Hi, Spring fans! How're you doin'? I'm doin' alright! Last week I was in Antwerp, Belgium, for the amazing Devoxx BE show. I did a presentation with my friend and hero James Ward on Spring and Kotlin that was voted third most-liked talk at a show with more than 250 speakers! That was a personal caree...
Keking kkFileView cross-site scripting vulnerability
Keking kkFileView is a Spring Boot project from Keking Technology (Keking), a Chinese company that builds online previews for documents. A security vulnerability exists in Keking kkFileView version 4.0 that can be exploited for cross-site scripting via its controllerFilecontroller.java...
Spring at JavaOne 2022
Hi, Spring fans! It's Sunday the 16th of October as I write this and I'm winging my way to sunny Las Vegas, Nevada, where I'll be attending and presenting at the first JavaOne show in years! It didn't exist as the JavaOne we know and love for years, even before the pandemic interrupted life as we kno...
Learn more about Spring Framework 6 and Spring Boot 3 in these two great talks from Devoxx 2022
Hi, Spring fans! I was just at Devoxx in Belgium, where hundreds of experts from across the Java ecosystem converged for the first time since 2019 to deliver their biggest and best. I could do a proper trip report, but I really just came here to point you to two talks from two of my amazing...
A Bootiful Podcast: Google mad scientist Josh Suereth on Observability with OpenTelemetry, building better build tools, and so much more
Hi, Spring fans! In this installment, Josh Long @starbuxman looks at the latest and greatest in Spring Boot 3 AOT, then talks to Google's Josh Suereth @jsuereth about observability with OpenTelemetry, building better build tools, and so much more. Want to learn more about Spring Boot and the wider...
Observability with Spring Boot 3
The Spring Observability Team has been working on adding observability support for Spring Applications for quite some time, and we are pleased to inform you that this feature will be generally available with Spring Framework 6 and Spring Boot 3! What is observability? In our understanding, it is...
This Week in Spring - October 11th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! I write this installment as I pack and prepare for my trip to Antwerp, Belgium, for the always-amazing Devoxx show in Antwerp, Belgium. I've so missed this show over the pandemic and am so looking forward to returning. I hope ...
This Week in Spring - October 4th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's October 4th, 2022, and I'm in Austin, TX, for the new version of the show formerly known as the Kafka Summit, here to talk to folks about the amazing opportunities for Spring Boot and Apache Kafka. On the 12th, I'll be in...
CVE-2022-23726
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that, with administrative authentication, return large amounts of sensitive environmental and application information...
Information disclosure
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that, with administrative authentication, return large amounts of sensitive environmental and application information...
CVE-2022-23726
PingCentral contains an exposure where Spring Boot actuator endpoints are accessible with administrative authentication, leaking extensive environmental and application information. Affected: PingCentral versions prior to the listed versions. Root cause: actuator endpoints exposed due to access c...
PT-2022-16230 · Unknown · Spring Boot +1
Name of the Vulnerable Software and Affected Versions: PingCentral versions prior to listed versions Description: The issue exposes Spring Boot actuator endpoints, which can return large amounts of sensitive environmental and application information when accessed with administrative authenticatio...
Ping Identity PingCentral security vulnerability
Ping Identity PingCentral is a self-service delegation management software from Ping Identity, Inc. A security vulnerability exists in Ping Identity PingCentral that stems from exposed Spring Boot actuator endpoints, through which a large amount of sensitive information can be obtained...