6746 matches found
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7626 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-29857 Source...
This Week in Spring - May 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output suppo...
RHEL 7 : spring-webflow (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spring-webflow: Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-8039 - An issue was...
RHEL 8 : spring-framework (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - spring-framework: RCE via Data Binding on JDK 9+ CVE-2022-22965 Note that Nessus has not tested for this issue but...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-40167 DESCRIPTION: Jetty is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP/1 request...
Spring AI - Structured Output
UPDATE: 04.06.2024 Added snippets for using structured output with the new, fluent ChatClient API. UPDATE: 17.05.2024 Generic Types support for BeanOutputConverter added. Science works with chunks and bits and pieces of things with the continuity presumed, and Art works only with the continuities...
A Bootiful Podcast: Spring Boot cofounders Phil Webb and Dr. David Syer on the occasion of the 10th Anniversary of Spring Boot 1.0
Hi, Spring fans! In this installment I talk to cofounders Phil Webb and Dr. David Syer, on the occasion of the 10th Anniversary of Spring Boot...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 In versions 3.1.6, 3.2.2 and earlier versions...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2021-28170 DESCRIPTION: Eclipse EE4J Jakarta Expression Language could allow a remote attacker to bypass security restrictions, caused by a...
Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to privilege escalation due to Spring-Web (CVE-2023-44794)
Summary IBM Sterling Connect:Direct Web Services uses Spring-Web. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-44794 DESCRIPTION: Dromara SaToken and SpringBoot could allow a remote authenticated attacker to gain elevated privileg...
Spring Tips: Vector Databases with Spring AI
Hi, Spring fans! In this installment, we look at the amazing support for vector databases in Spring AI...
Roothub Security Vulnerability
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the topic parameter in the list function...
This Week in Spring - May 7th, 2024
Hi, Spring fans! Welcome to another amazing installment of This Week in Spring! I'm in bellissima Rome, Italy, where I've just spent time in some fun meetings, and now I'm off to lovely London, UK, for Devoxx UK 2024. It's going to be amazing. If you're there, don't hesitate to say hi! I've got to...
Security Bulletin: VMware Tanzu Spring Framework is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Framework which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu Spring Framewo...
aero.m-click:mcpdf (>=0.2.5 <=0.2.10), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +21419 more potentially affected by CVE-2024-34447 via org.bouncycastle:bcprov-jdk15on (>=1.61 <=1.70)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.61, =0.2.5, =4.4.0.0, =0.1.12, =0.1.2, =0.28.0, =0.4.0, =0.4.0, =0.2.8, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =24.9.8 and more Source cves: CVE-2024-34447 Source advisory: OSV:GHSA-4H8F-2WVX-GG5W...
A Bootiful Podcast: Carl Azoury, Zenika founder and CEO
Hi, Spring fans! In this installment I talk to Zenika founder and CEO Carl Azoury, and friend to the community and a part of the Spring story for decades...
Exploit for Code Injection in Vmware Spring_Framework
SpringFrameworkCVE-2022-22965RCE SpringFramework remote code execution vulnerability CVE...
Spring Tips: Beans, Beans: What's in a Spring bean?
Hi, Spring fans! In this installment we explore the essential Spring bean. What are they, how are they created, and what do they mean to you?...
CVE-2024-29466
Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component...
OSV-2024-335 Security exception in org.springframework.expression.spel.standard.InternalSpelExpressionParser.eatExp
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67978 Crash type: Security exception Crash state: org.springframework.expression.spel.standard.InternalSpelExpressionParser.eatExp java.base/java.nio.charset.CharsetEncoder.replaceWith java.base/java.nio.charset.CharsetEncoder...