EUVD-2026-20473

Eclipse Jetty: Early return from the JASPIAuthenticator code can potentially no clear ThreadLocal variables...

Sensitive Information in Resource Not Removed Before Reuse

Overview Affected versions of this package are vulnerable to Sensitive Information in Resource Not Removed Before Reuse in the JASPIAuthenticator. An attacker can gain unauthorized access or escalate privileges by exploiting residual ThreadLocal values that are not cleared after authentication...

PT-2026-31308

Name of the Vulnerable Software and Affected Versions Eclipse Jetty affected versions not specified Description Eclipse Jetty's JASPIAuthenticator class sets two ThreadLocal variables during authentication checks. Under certain conditions, the code returns early without clearing these ThreadLocal...

Context Propagation with Project Reactor 3 - Unified Bridging between Reactive and Imperative

This post is a part of a series: 1. The Basics 2. The bumpy road of Spring Cloud Sleuth 3. Unified Bridging between Reactive and Imperative We concluded the last article with the thought that Spring Cloud Sleuth’s MANUAL context propagation strategy is both performant and provides correct...