85 matches found
This Week in Spring - 28 November, 2023
Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...
CVE-2023-38493
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of t...
Cross site request forgery (csrf)
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of t...
CVE-2023-38493 Paths contain matrix variables bypass decorators
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via TomcatService or JettyService with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of t...
This Week in Spring - June 20th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Sydney, Australia, talking to customers, koalas, kangaroos, and whoever else will listen! I'll be doing a live presentation, tonight at the Microsoft Reactor here in Sydney. Register now and come join me! As usual, we'...
This Week in Spring - May 23rd, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 23rd and, famously, nothing major has happened in the last week OH WAIT WE RELEASED SPRING BOOT 3.1! Have you checked it out yet? It's dope. I did a Spring Tips installment looking at some of its features here that y...
This Week in Spring - April 4th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin? Me, I'm exhausted! It's been quite the odyssey trying to get to Devnexus, but I made it, eventually! If you're at Devnexus, check out this roundup of interesting and awesome talks from the Spring team and...
A Bootiful Podcast: Spring Integration lead Artem Bilan on the latest in Spring Integration 6
Hi, Spring fans! In this installment Josh Long @starbuxman talks to Spring Integration lead Artem Bilan @artembilan about the latest and greatest in Spring Integration. Spring Integration makes it easier to connect an increasingly larger ecosystem of disparate services and systems. SHOW NOTES: I...
This Week in Spring - March 28th, 202
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm reporting to you from Los Angeles, where my family and I have gone for my daughter's spring break. We're going to survey some prospective colleges and we're going to Disneyland. Needless to say, I'm doubly glad to have al...
K23985340: Spring Integration Zip vulnerability CVE-2018-1261
Security Advisory Description Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z that holds path traversal filenames. So when the...
This Week in Spring - January 31st, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm not going to spend too much time here in the preamble because a today's both my birthday and my late father's birthday and b I got the worst gift ever: COVID-19. Sigh. So, I'm going back to bed. Without further ado, let's...
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today Id like to share with a project Im working on since holidays, where the mentioned...
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned...
This Week in Spring - Happy New Year 2023 edition - December 27th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Its 27 December as I write this and - being honest - I couldnt be happier. Its raining outside. Im in a warm cozy office. Good music is playing. People are asleep in my home. I can hear the raindrops and wind outside the...
This Week in Spring - October 4th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Its October 4th, 2022, and Im in Austin, TX, for the new version of show formerly known as the Kafka Summit, here to talk to folks about the amazing opportunities for Spring Boot and Apache Kafka. On the 12th, Ill be in...
This Week in Spring - September 27th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! Its the last week of September, already! The years more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but Im stil excite...
spring-integration-zip Arbitrary File Write
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal...
Path Traversal in Spring-integration-zip
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar, xz, war, cpio, 7z, that holds path traversal filenames. So...
com.farao-community.farao:gridcapa-data-bridge (>=1.0.0 <=1.3.2), com.pleosoft.pleodox:pleodox-core (>=1.0.0-RELEASE <=1.0.2-RELEASE) potentially affected by CVE-2021-22114 via org.springframework.integration:spring-integration-zip (>=1.0.2.RELEASE <=1.0.3.RELEASE)
org.springframework.integration:spring-integration-zip MAVEN version =1.0.2.RELEASE, =1.0.0, =1.0.0-RELEASE, =1.0.2-RELEASE Source cves: CVE-2021-22114 Source advisory: OSV:GHSA-VW83-H3MQ-3QWJ...