Spring Authorization Server moving to Spring Security 7.0
Spring Authorization Server has come a long way since 1.0 was officially released in November 2022. Starting as a project separate from Spring Security has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers. It ha...
Linux Distros Unpatched Vulnerability : CVE-2021-22095
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its toString method, will create a new String object from the...
Linux Distros Unpatched Vulnerability : CVE-2019-9186
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In several JetBrains IntelliJ IDEA versions, a Spring Boot run configuration with the default setting allowed remote attackers to execute code when the...
Aembit Named to Fast Company’s Seventh-Annual List of the 100 Best Workplaces for Innovators
Silver Spring, USA, 9th September 2025, CyberNewsWire...
Core Spring Resilience Features: @ConcurrencyLimit, @Retryable, and RetryTemplate
This is the first blog post in the Road to GA series, highlighting major features within the Spring portfolio for the next major versions to be released in November of this year. Today we are proud to announce the new resilience features coming in Spring Framework 7.0: concurrency throttling and...
This Week in Spring - September 9th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...
Access API Moves to Spring Security Access
Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +107 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.2.4)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =1.0.11 - cn.openjava:openjava-spring-cloud-gateway-starter =jdk17-0.0.1 - cn.warpin.maven-central:common-gateway-security =0.0....
ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +36 more potentially affected by CVE-2025-41243 via org.springframework.cloud:spring-cloud-gateway-server (=4.3.0)
org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server and may be impacted: - ch.nexsol-tech.gateway:sample-gateway =1.2.0, =1.2.0...
Exploit for Code Injection in Vmware Spring_Framework
No description...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Remote Code Injection In Log4j https://twitter.com/jas502n/status/1468946197629272066 SpringBoot-pom.xml default use : xml org.springframework.boot spring-boot-starter-web mvn dependency:tree java INFO | | +- org.springframework.boot:spring-boot-starter-logging:jar:2.6.1:compile IN...
Path Traversal
org.springframework, spring-webmvc is vulnerable to Path Traversal. The vulnerability is due to improper URI path canonicalization in non-compliant Servlet containers when serving static resources, which allows an attacker to bypass security restrictions and access unauthorized file...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3226 more potentially affected by CVE-2025-58056 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.4.Final)
io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2025-58056 Source advisory: OSV:GHSA-FGHV-69VJ-QJ49...
biz.grundner.vaadin-in-spring:spring-vaadin (=1.0), cn.jhc:umeditor-vaadin-js (=0.0.1) +139 more potentially affected by CVE-2025-9467 via com.vaadin:vaadin-server (>=7.0.0 <=7.7.47)
com.vaadin:vaadin-server MAVEN version =7.0.0, =0.5, =1.1, =1.0, =1.3, =5.0.0, =5.0.0, =5.0.0, =5.2.4 and more Source cves: CVE-2025-9467 Source advisory: SNYK:JAVA-COMVAADIN-12496925...
A Bootiful Podcast: Spring Cloud guru Ryan Baxter
Hi, Spring fans! In this installment we talk to the amazing Spring Cloud contributor Ryan Baxter, live from SpringOne 2025!...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3956 more potentially affected by CVE-2025-58057 via io.netty:netty-codec-compression (>=4.2.0.Alpha3 <=4.2.4.Final)
io.netty:netty-codec-compression MAVEN version =4.2.0.Alpha3, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.1 and more Source cves: CVE-2025-58057 Source advisory: SNYK:JAVA-IONETTY-12485152...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +18014 more potentially affected by CVE-2025-58057 via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.124.Final)
io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
Security Bulletin: Vulnerabilities in dependencies affect IBM Common Licensing
Summary: Security vulnerabilities in dependencies affect IBM Common Licensing. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-38820 DESCRIPTION: The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase ha...
The Road to GA - Introduction
As you all should be aware by now, the Spring portfolio is in the process of driving towards the next major versions to be released in November of this year. This will be only the fourth major generation for Spring Boot and the seventh major generation for Spring Framework in its over 20 year...
This Week in Spring - September 2nd, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Frankfurt, awaiting my flight to the Java-tastic Javazone 2025 event where I'll be joined by the legendary James Ward to deliver an AI-focused look at the latest-and-greatest in Spring! And I'm still recovering from th...