Atlassian Jira Service Management Data Center and Server 11.0.x < 11.2.0 (JSDSERVER-16466)

The version of Atlassian Jira Service Management Data Center and Server Jira Service Desk running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-16466 advisory. - The Spring Security annotation detection mechanism may not correctly resolve annotations on methods...

This Week in Spring - January 20th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's already the 20th of January and we are off on yet another rip roarin' adventure as we look at the week that has been... this week in Spring! even more good stuff from Spring AI team legend Christian Tsolov, this one on...

A Bootiful Podcast: Spring Security lead Rob Winchon Spring Security 7

Hi, Spring fans! In this installment, I have the privilege of sitting down and talking to the legendary Rob Winch, lead of Spring Security, Spring Session, and the amazing Testjars project...

Atlassian Confluence 10.1.x< 10.1.1 (CONFSERVER-101485)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-101485 advisory. - The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized...

This Year in Spring – December 30th, 2025

Hi, Spring fans! Can you believe it? It's already the 30th of December! I celebrated Christmas with my family in Los Angeles, then we jumped on a flight headed for Southeast Asia to ring in the New Year with more friends and family. I'm sitting at a café in the sweltering city of Kuala Lumpur,...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an authentication bypass in Spring Security [CVE-2025-41248]

Summary IBM Watson Speech Services Cartridge is vulnerable to an authentication bypass in Spring Security, due to an issue where annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics...

This Week in Spring – December 16th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...

org.springframework.security/spring-security-core: Spring Security authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

This Week in Spring - November 18th, 2025

This Week in Spring - November 18th, 2025 Hi, Spring fans! I'm thrilled to be in New York City for an exciting week of joint presentations on Spring AI + Bedrock and Spring Boot with the legendary James Ward. First up: we'll present a workshop at the AI Native Dev Conf today, then speak at the...

Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in Spring boot and Spring Security

Summary IBM Sterling Control Center is affected by vulnerabilities in Spring boot and Spring Security CVE-2025-22235, CVE-2025-22228 and CVE-2024-38821 Vulnerability Details CVEID:CVE-2025-22235 DESCRIPTION: EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the...

Security Bulletin: IBM Sterling Control Center is affected by a vulnerability in spring-security-core-6.4.5.jar (CVE-2025-41232)

Summary IBM Sterling Control Center is affected by a vulnerability CVE-2025-41232 in spring-security-core-6.4.5.jar. Vulnerability Details CVEID:CVE-2025-41232 DESCRIPTION: Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an...

Security Bulletin: vulerability in IBM Spectrum Symphony with spring security

Summary vulerability in IBM Spectrum Symphony with spring security Vulnerability Details CVEID:CVE-2024-38827 DESCRIPTION: The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly...

Multi-Factor Authentication in Spring Security 7

In 2013, it was proposed to add multi-factor authentication into Spring Security. That was the year that “selfie” was added to the English dictionary and “What Does the Fox Say?” was a viral YouTube hit. Needless to say, one of the biggest features in Spring Security 7 is a long time coming, and ...

org.springframework.security/spring-security-core: Spring Security authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.

Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Authorization Bypass

org.springframework.security, spring-security-core is vulnerable to Authorization Bypass. The vulnerability is due to improper resolution of annotations on methods within type hierarchies containing parameterized supertypes with unbounded generics, which allows an attacker to bypass authorization...

A Bootiful Podcast: Spring Security contributor Josh Cummings on the latest-and-greatest in Spring Security 7

Hi, Spring fans! In this installment we talk to Spring Security contributor and legend Josh Cummings...

Security Bulletin: IBM Sterling Connect:Direct Web Services is affected by a vulnerability in spring-security-core-6.4.3.jar (CVE-2025-41248)

Summary IBM Sterling Connect:Direct Web Services is vulnerable to Annotation detection mechanism may not correctly resolve annotations on methods in spring-security-core-6.4.3. This has been addressed in new fixpacks available from Fix Central. Vulnerability Details CVEID:CVE-2025-41248...

EUVD-2018-0615

Malware in sbrugna...