
1242 matches found

vulnersOsv
added 2022/09/29 12:0 a.m., 3 views

cn.centychen:xxl-job-spring-boot-starter (>=1.0.0-RELEASE <=1.0.1-RELEASE), cn.db101:xxl-job-spring-boot-starter (=1.1.0) +52 more potentially affected by CVE-2022-40929 via com.xuxueli:xxl-job-core (>=1.8.2 <=2.2.0)

com.xuxueli:xxl-job-core MAVEN version =1.8.2, =1.0.0-RELEASE, =0.0.8-RELEASE, =0.0.8-RELEASE, =1.6.0, =1.0.1, =2.1.1-RELEASE, =6.1.0, =0.0.4, =1.5.13, =1.0.7, =1.0.8 and more Source cves: CVE-2022-40929 Source advisory: OSV:GHSA-M54F-RP6R-RRRM...

CVSS 9.8, AI score 7.2, EPSS 0.01211
Exploits: 1
CNNVD
added 2022/09/29 12:0 a.m., 1 view

kkFileView Cross-Site Scripting Vulnerability

Keking kkFileView is a Spring Boot project from the Chinese company Keking Technology (Keking) for online previewing of files and documents. A security vulnerability exists in kkFileView v4.1.0, which stems from the errorMsg parameter being vulnerable to cross-site scripting...

CVSS 6.1, AI score 5.5, EPSS 0.02352
Exploits: 1, References: 2
Spring Engineering
added 2022/09/27 9:22 a.m., 13 views

Delete Passwords: Passwordless Connections for Spring Boot Apps to Azure Services

Using username/password credentials to access one application from another presents a huge security risk for many reasons. Today, we are announcing the preview of passwordless connections for Java applications to Azure database and eventing services, letting you finally shift away from using...

AI score 0.3
Exploits: 0
Spring Engineering
added 2022/09/27 7:0 a.m., 14 views

This Week in Spring - September 27th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the last week of September, already! The year's more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but I'm still excite...

AI score 7.4
Exploits: 0
Spring Engineering
added 2022/09/26 11:33 a.m., 34 views

Native Support in Spring Boot 3.0.0-M5

The Spring Team has been working on native image support for Spring Applications for quite some time. After 3+ years of incubation in the Spring Native experimental project with Spring Boot 2, native support is moving to General Availability with Spring Framework 6 and Spring Boot 3! Native image...

AI score 7
Exploits: 0
Spring Engineering
added 2022/09/23 7:0 a.m., 15 views

My SpringOne 2022

It has taken me an embarrassingly long time to appreciate and understand that the devil is in the details regarding software development. Writing happy-path business logic isn't the hard part! It's the failure cases, observability, resilience, and process. It's security and other so-called...

AI score 0.7
Exploits: 0
Spring Engineering
added 2022/09/22 6:0 p.m., 12 views

A Bootiful Podcast: Couchbase and Cloud legend Laurent Doguin

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to his friend, fellow Java Champion, and director of developer relations and strategy at Couchbase, Laurent Doguin (@ldoguin). SpringOne 2022 is almost here! This is our first in-person event since the pandemic and it's when we release...

AI score 1.1
Exploits: 0
vulnersOsv
added 2022/09/22 12:0 a.m., 3 views

ai.apiverse:apipulse (=1.0.1), com.contentgrid.spring:contentgrid-spring-boot-starter (>=0.4.2 <=0.6.1) +53 more potentially affected by CVE-2022-31679 via org.springframework.data:spring-data-rest-core (>=3.7.0 <=3.7.2)

org.springframework.data:spring-data-rest-core MAVEN version =3.7.0, =0.4.2, =0.4.2, =0.4.2, =5.12.1, =2.4.0, =2.4.0, =2.4.0, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.0.3, =3.1.0 - com.okta.spring.examples:okta-spring-boot-hosted-code-flow-example =2.1.6 and more Source cves: CVE-2022-31679...

CVSS 3.7, AI score 6.1, EPSS 0.00174
Exploits: 0
Spring Engineering
added 2022/09/21 4:6 a.m., 12 views

Spring Session 2022.0.0-M3 Released

On behalf of the team, I’m pleased to announce the release of Spring Session 2022.0.0-M3. These releases deliver enhancements, bug fixes, and dependency upgrades. For your convenience, Spring Boot will pick up these artifacts with its upcoming releases. The following modules were updated as part...

AI score 1.1
Exploits: 0
Spring Engineering
added 2022/09/20 7:0 a.m., 34 views

This Week in Spring - September 20th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring wherein I endeavor as best as I can to capture the latest-and-greatest in the wide, wacky, and wonderful world of Springdom! Naturally, I fail miserably basically every week. There's no way I could hope to capture everything of...

AI score 4.5, EPSS 0.00174
Exploits: 0
CNNVD
added 2022/09/02 12:0 a.m., 2 views

kkFileView Path Traversal Vulnerability

Keking kkFileView is a Spring Boot project from Keking Technology (Keking) for online previewing of files and documents. A path traversal vulnerability exists in kkFileView v4.0.0, which is caused by an arbitrary file deletion vulnerability found in the fileName parameter of...

CVSS 6.5, AI score 6.6, EPSS 0.00968
Exploits: 1, References: 2
Spring Engineering
added 2022/08/23 7:0 a.m., 18 views

This Week in Spring - August 23rd, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've got a ton to cover, so let's dive right into it! A Bootiful Podcast: Flowable founder Joram Barrez on a Bootiful Podcast on workflow, business process management, and more Building IoT Applications Using Fauna and Spring...

AI score 0.6
Exploits: 0
CNNVD
added 2022/08/17 12:0 a.m., 2 views

kkFileView Cross-Site Scripting Vulnerability

Keking kkFileView is a Spring Boot project from Keking Technology (Keking) for online previewing of documents. A cross-site scripting vulnerability exists in kkFileView v4.1.0, which originates from multiple cross-site scripting issues in the urls and currentUrl parameters of the...

CVSS 6.1, AI score 5.8, EPSS 0.04409
Exploits: 1, References: 3
Spring Engineering
added 2022/08/16 2:0 p.m., 22 views

Introducing Experimental Spring Support for Apache Pulsar

We are happy to announce that we are incubating a new experimental Spring project for Apache Pulsar. This project aims to provide Spring-friendly APIs, building blocks, and programming models for writing Java applications that interact with Apache Pulsar. Apache Pulsar is a popular messaging syst...

AI score 0.2
Exploits: 0
Spring Engineering
added 2022/08/04 9:0 a.m., 9 views

A Bootiful Podcast: Observability guru Jonatan Ivanov on the future of observability in Spring Boot

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Spring observability guru Jonatan Ivanov (@jonatanivanov)...

AI score 1.6
Exploits: 0
Spring Engineering
added 2022/08/02 7:0 a.m., 10 views

This Week in Spring - August 1st, 2022

Aloha, Spring fans! Welcome to another installment of This Week in Spring! I'm still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this week's latest roundup of all that's good and glorious in the wide and wonderful world of Springdom. Funny thing,...

AI score 0.3
Exploits: 0
Spring Engineering
added 2022/07/31 5:3 p.m., 30 views

How to integrate Hibernate's Multitenant feature with Spring Data JPA in a Spring Boot application

For quite some time now, Hibernate has offered a Multitenant feature. It integrates nicely with Spring, but there is not much information about how to actually set it up, so I thought an example or two or three could help. There is already an excellent blog article, but it is a little dated and i...

Exploits: 0
Spring Engineering
added 2022/07/26 7:0 a.m., 27 views

This Week in Spring - July 26th, 2022

Aloha, Spring fans! I'm on vacation, reporting to you from the paradise-like island of Maui, Hawaii, and hoping that you're having a wonderful day! My family and I love Hawaii. It's brimming with beauty and serenity, and while the island of Maui, in the state of Hawaii, is very small, the islands ar...

AI score 7.2
Exploits: 0
Github Security Blog
added 2022/07/22 12:0 a.m., 23 views

Hardcoded JWT Token in Lin CMS Spring Boot

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...

CVSS 7.5, AI score 6.7, EPSS 0.77891
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2022/07/22 12:0 a.m., 13 views

GHSA-Q72P-4W56-HX7H Hardcoded JWT Token in Lin CMS Spring Boot

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application...

CVSS 7.5, AI score 7.4, EPSS 0.77891
Exploits: 1, References: 4