VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Linux
The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability...
Hypermedia and Browser Enhancement
Front-end development these days is dominated by large JavaScript client-side frameworks. There are plenty of good reasons for that, but it can be very inefficient for many use cases, and the framework engineering has become extremely complex. In this article, I want to explore a different...
Spring Boot Testjars founder Rob Winch
Hi, Spring fans! In this week's installment we talk to Rob Winch, lead of Spring Security and founder of the exciting new project Spring Boot Testjars...
PT-2024-2177 · Unknown +2 · Spring Framework +3
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 6.1.5; Spring Framework versions prior to 6.0.18; Spring Framework versions prior to 5.3.33. Description: The issue exists due to insufficient validation of user-input data in the UriComponentsBuilder component...
Spring Tips: Spring Batch Remote Partitioning, your easy button for data scale!
Hi, Spring fans! In this installment, Spring Developer Advocate Josh Long looks at how to use Spring Batch's remote partitioning support to easy-button your data processing scale-out strategies...
This Week in Spring - March 12th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring survey! Join me for a look at the latest-and-greatest, chronicling how I got started with Spring Boot in...
A vulnerability in the Apache Shiro framework and the Spring Boot framework for creating web applications, related to interpretation conflicts, allows attackers to bypass authentication procedures.
The vulnerability of the Apache Shiro framework and the Spring Boot framework for creating web applications is related to interpretation conflicts. Exploiting this vulnerability can allow a malicious actor to bypass authentication procedures using a specially crafted HTTP reques...
Bootiful Spring Boot in 2024 (part 1)
NB: the code is here on my Github account: github.com/joshlong/bootiful-spring-boot-2024-blog. Hi, Spring fans! I'm Josh Long, and I work on the Spring team. I'm excited to be keynoting and giving a talk at Microsoft's JDConf this year. I'm a Kotlin GDE and a Java Champion, and I'm of the opinion...
PT-2024-2215 · Atlassian +1 · Bamboo Data Center/Server +6
Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.x prior to 5.7.12; Spring Security versions 5.8.x prior to 5.8.11; Spring Security versions 6.0.x prior to 6.0.9; Spring Security versions 6.1.x prior to 6.1.8; Spring Security versions 6.2.x prior to 6.2.3; Bitbucket...
PT-2024-3066 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.2.4. Description: The issue is related to the CompiledRule::validateExpression method, which evaluates a SpEL expression using a StandardEvaluationContext. This allows the expression to interact with Java...
Fedora: Security Advisory for xbean (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: xbean-4.24-3.fc40
The goal of XBean project is to create a plugin based server analogous to Eclipse being a plugin based IDE. XBean will be able to discover, download and install server plugins from an Internet based repository. In addition, we include support for multiple IoC systems, support for running with no...
A Bootiful Podcast: Cristian Schuszter on CERN
Hi, Spring fans! In this installment I talk to Cristian Schuszter, a software engineer at CERN. This episode was recorded live at VOXXED DAYS CERN! Don't forget to help us out with the State of Spring Survey...
BIT-SPRING-CLOUD-DATAFLOW-2020-5427 Possibility of SQL Injection in Spring Cloud Data Flow Task Execution Sorting Query
In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5 and versions 2.5.x prior to 2.5.4, an application is vulnerable to SQL injection when requesting task execution...
Spring Tips: the Spring Authorization Server: durability of data
Hi, Spring fans! In this installment, we continue our look at the venerable Spring Authorization Server, this time looking at how to configure persistence and durability for various aspects of the system...
Function Calling in Java and Spring AI using the latest Mistral AI API
UPDATE: As of March 13, 2024, Mistral AI has integrated support for parallel function calling into their large model, a feature that was absent at the time of this blog's initial publication. Mistral AI, a leading developer of open-source large language models, unveiled the addition of Function...
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....
The vulnerability of the Spring Framework software lies in insufficient validation of user-entered data, which allows attackers to carry out SSRF attacks.
The vulnerability of the Spring Framework exists due to insufficient validation of user-entered data. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0), androidx.baselineprofile.apptarget:androidx.baselineprofile.apptarget.gradle.plugin (>=1.2.0-alpha12 <=1.2.0-alpha14) +2525 more potentially affected by CVE-2023-51775 via org.bitbucket.b_c:jose4j (>=0.4.1 <=0.9.3)
A Bootiful Podcast: Roni Dover on Digma AI
Hi, Spring fans! In this installment we talk to Digma AI founder Roni Dover...