
6517 matches found

vulnersOsv
added 2025/12/05 6:54 p.m., 4 views

com.rabbitmq:stream-client (=1.4.0), org.qubership.profiler:qubership-profiler-cli (>=3.0.3 <=3.0.4) +6 more potentially affected by CVE-2025-12183 +1 more via at.yawk.lz4:lz4-java (=1.10.0)

at.yawk.lz4:lz4-java MAVEN version =1.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on at.yawk.lz4:lz4-java and may be impacted: - com.rabbitmq:stream-client =1.4.0 - org.qubership.profiler:qubership-profiler-cli =3.0.3, =3.0.3, =3.0.3, =3.0.3,...

CVSS 8.8, AI score 7.1, EPSS 0.00103
Exploits: 0
IBM Security Bulletins
added 2025/12/05 9:12 a.m., 8 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.0

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Process Mining 2.1.0 Vulnerability Details CVEID:CVE-2025-41248 DESCRIPTION: The Spring Security annotation detection mechanism may not correctly resolve annotatio...

CVSS 9.1, AI score 8.6, EPSS 0.05222
Exploits: 0, Affected Software: 1
RedHat Linux
added 2025/12/04 3:7 p.m., 4 views

org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions...

CVSS 7.5, AI score 7.1, EPSS 0.00112
Exploits: 0, References: 6
RedHat Linux
added 2025/12/04 3:7 p.m., 1 view

org.springframework.security/spring-security-core: Spring Security authorization bypass

The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...

CVSS 7.5, AI score 7.1, EPSS 0.0009
Exploits: 0, References: 6
Spring Engineering
added 2025/12/04 12:0 a.m., 7 views

Towards Spring Tools 5 - Ready for AI

There is no doubt that AI-based coding assistants are already or will be widely used by developers and within organizations. While the overall outlook is pretty certain, the exact way when and how to use those tools might vary, ranging from extensions for existing IDEs e.g. Copilot for Visual...

AI score 7.4
Exploits: 0
Spring Engineering
added 2025/12/04 12:0 a.m., 4 views

A Bootiful Podcast: Dan Vega on the fundamentals of software engineering

Hi, Spring fans! I'm so excited to chat with fellow Spring developer advocate Dan Vega about his new book, Fundamentals of Software Engineering...

AI score 6.9
Exploits: 0
Spring Engineering
added 2025/12/02 12:0 a.m., 4 views

This Week in Spring - December 2nd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring. By mistake, I inadvertently published older content in this installment, then tried to fix it and ended up re-publishing the same content. And, what's worse, I somehow ended up deleting the draft I had written for this...

AI score 6.8
Exploits: 0
GithubExploit
added 2025/12/01 4:16 p.m., 128 views

lab-xss

Cross-Site Scripting XSS Lab 🔒 An educational lab com...

AI score 6
Exploits: 0
GithubExploit
added 2025/12/01 3:14 p.m., 125 views

lab-sql-injection

SQL Injection Lab 🔒 A complete lab for testing and com...

AI score 8.5
Exploits: 0
IBM Security Bulletins
added 2025/12/01 3:0 a.m., 6 views

Security Bulletin: Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services (CVE-2025-22233, CVE-2024-38820)

Summary Vulnerabilities in Spring Context affect IBM SPSS Collaboration and Deployment Services CVE-2025-22233, CVE-2024-38820. These have been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-22233 DESCRIPTION: CVE-2024-38820 ensured Locale-independent, lowercase...

CVSS 5.3, AI score 6.3, EPSS 0.01514
Exploits: 1, Affected Software: 1
CNNVD
added 2025/12/01 12:0 a.m., 2 views

WebStack-Guns SQL injection vulnerability

WebStack-Guns is an open source URL navigation website project by Dana Keeling, an individual developer, with a backend based on Guns and Springboot. A SQL injection vulnerability exists in WebStack-Guns version 1.0, which stems from the incorrect manipulation of the parameter sort in the file...

CVSS 7.2, AI score 6.8, EPSS 0.00024
Exploits: 1, References: 5
CNNVD
added 2025/12/01 12:0 a.m., 2 views

WebStack-Guns path traversal vulnerability

WebStack-Guns is an open source URL navigation website project by Dana Keeling, an individual developer, with a backend based on Guns and Springboot. A path traversal vulnerability exists in WebStack-Guns version 1.0, which stems from the file KaptchaController.java function renderPicture...

CVSS 7.5, AI score 5.8, EPSS 0.00263
Exploits: 1, References: 4
vulnersOsv
added 2025/11/28 4:39 p.m., 3 views

cc.ddrpa.dorian.polystash:polystash-spring-boot-starter (=1.0.0), com.alibaba.fastjson2:fastjson2-extension (>=2.0.27 <=2.0.62) +33 more potentially affected by CVE-2025-12183 via org.lz4:lz4-pure-java (=1.8.0)

org.lz4:lz4-pure-java MAVEN version =1.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.lz4:lz4-pure-java and may be impacted: - cc.ddrpa.dorian.polystash:polystash-spring-boot-starter =1.0.0 - com.alibaba.fastjson2:fastjson2-extension =2.0.27,...

CVSS 8.8, AI score 7.1, EPSS 0.00103
Exploits: 0
Spring Engineering
added 2025/11/28 12:0 a.m., 4 views

Towards Spring Tools 5 - Stereotypes and a new Structural View

When working on Spring projects, developers do not only think in terms of low-level concepts like classes and interfaces. When using Spring, you think about higher-level abstractions and concepts like services, repositories, configuration classes, entities, aggregate roots, and so on. To bring...

AI score 7
Exploits: 0
Spring Engineering
added 2025/11/27 12:0 a.m., 2 views

A Bootiful Podcast: Spring community legend and friend Simon Martinelli

Hi, Spring fans! Happy Thanksgiving from me, and I am sure the entire Spring team, to you! We are, it should be clear, oh so very grateful.. thankful.. for you, the community. This week it is my great pleasure to chat with Spring community legend Simon Martinelli...

AI score 6.9
Exploits: 0
IBM Security Bulletins
added 2025/11/26 3:13 a.m., 7 views

Security Bulletin: IBM Operational Decision Manager for Oct 2025 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-22233...

CVSS 8.2, AI score 8.2, EPSS 0.93188
Exploits: 9, Affected Software: 1
Spring Engineering
added 2025/11/25 12:0 a.m., 3 views

This Week in Spring - Spring Boot 4 edition! - November 25th, 2025

Hi, Spring fans! Welcome to another illustrious installment of This Week in Spring! It’s Thanksgiving week here in the United States. Thanksgiving is traditionally celebrated with friends and family every fourth Thursday of November, gathered around a table full of food and, usually, a giant...

AI score 6.8
Exploits: 0
Spring Engineering
added 2025/11/25 12:0 a.m., 2 views

Spring Data Ahead of Time Repositories - Part 2

Concluding the Road to GA blog post series, let's explore benefits of Spring Data AOT Repositories. Back in May 2025, we first introduced Ahead of Time AOT repositories as a preview feature for JPA and MongoDB with the 3rd Milestone of the next Spring Data generation. This feature, in short, uses...

AI score 7.4
Exploits: 0
Spring Engineering
added 2025/11/25 12:0 a.m., 12 views

Beyond JSON: Converting Spring AI Tool Response Formats to TOON, XML, CSV, YAML, ...

JSON is the go-to format for LLM tool responses, but recent discussions around alternative formats like TOON Token-Oriented Object Notation claim potential benefits in token efficiency and performance. While the debate continues—with critical analyses pointing to context-dependent results—the...

AI score 7.4
Exploits: 0
vulnersOsv
added 2025/11/24 4:24 p.m., 3 views

@asyncapi/server-api (>=0.16.0 <=0.16.23) potentially affected by unknown CVE via @asyncapi/java-spring-cloud-stream-template (=0.13.4)

@asyncapi/java-spring-cloud-stream-template NPM version =0.13.4 is affected by a known vulnerability. The following packages have a transitive dependency on @asyncapi/java-spring-cloud-stream-template and may be impacted: - @asyncapi/server-api =0.16.0, =0.16.23 Source cves: unknown CVE Source...

AI score 5.8
Exploits: 0