35 matches found
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
Spring Session 3.0.0-RC1
Spring Session 3.1.0-RC1 has been released. The biggest news from this release is that Spring Session Geode was removed which means all of the Spring Modules now belong to the same lifecycle. This means that the Spring Session BOM no longer uses CalVer and instead uses the same version as the...
This Week in Spring - September 27th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the last week of September, already! The year's more done than not. The days are receding into darkness earlier. And the Pumpkin Spice Lattes are upon us. The darker and colder days are kind of a bummer, but I'm still excite...
Spring Session 2022.0.0-M3 Released
On behalf of the team, I’m pleased to announce the release of Spring Session 2022.0.0-M3. These releases deliver enhancements, bug fixes, and dependency upgrades. For your convenience, Spring Boot will pick up these artifacts with its upcoming releases. The following modules were updated as part...
This Week in Spring - April 26th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldn't go because - out of an abundance of caution, and since I was exposed to...
Improper implementation of the session fixation protection in Infinispan
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
GHSA-6X3V-RW2Q-9GX7 Improper implementation of the session fixation protection in Infinispan
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
CVE-2019-10158
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
CVE-2019-10158
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
Session fixation
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
CVE-2019-10158
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
CVE-2019-10158
Infinispan (up to 9.4.14.Final) is affected by an improper implementation of the session fixation protection in the Spring Session integration, leading to incorrect session handling. This vulnerability is documented as CVE-2019-10158. Red Hat’s advisory confirms the issue and provides the remedia...
PT-2020-9052 · Red Hat · Infinispan
Name of the Vulnerable Software and Affected Versions: Infinispan versions prior to 9.4.14.Final Description: A flaw was found in the improper implementation of the session fixation protection in the Spring Session integration, which can result in incorrect session handling. Recommendations: For...
infinispan: Session fixation protection broken for Spring Session integration
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...
CVE-2019-10158
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling...