ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

com.netflix.ndbench:ndbench-cli (>=0.3.12 <=0.7.4), com.netflix.ndbench:ndbench-geode-plugins (>=0.3.5 <=0.7.4) +35 more potentially affected by CVE-2026-2817 via org.springframework.data:spring-data-geode (>=1.0.0.INCUBATING-RELEASE <=2.7.5)

org.springframework.data:spring-data-geode MAVEN version =1.0.0.INCUBATING-RELEASE, =0.3.12, =0.3.5, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =2.0.0.RELEASE, =3.0.0, =3.2.1...

EUVD-2021-1933

Malware in sbrugna...

EUVD-2022-6440

Malicious code in bioql PyPI...

CVE-2021-37694

@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream SCSt microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and al...

This Week in Spring - February 4th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 4th, 2025, as I write this. We are ten days away from Valentine's day, and about a month away from Devnexus. Lots to look forward to, in both the short term and the long term! Let's dive right into this week's...

From Spring Cloud Data Flow 2.11.x to 3.0

Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...

GO-2022-0511 KubeEdge Cloud Stream and Edge Stream DoS from large stream message in github.com/kubeedge/kubeedge

KubeEdge Cloud Stream and Edge Stream DoS from large stream message in github.com/kubeedge/kubeedge...

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...

A Use Case for Transactions: Outbox Pattern Strategies in Spring Cloud Stream Kafka Binder

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...

This Week in Spring - October 17th, 2023

Hi, Spring fans! Welcome to yet another installment of This Week in Spring! It's October 17th, 2023, and I am here in Montreal, Canada, and then I'm off to Salt Lake City, Utah on Thursday for the Java User Group there. Don't miss it! We've got a lot to cover this week so let's dive right into it...

Apache Kafka’s Exactly-Once Semantics in Spring Cloud Stream Kafka Applications

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...

Transactional Rollback Strategies with Spring Cloud Stream and Apache Kafka

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications In th...

Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications In the previous part of this blog series, we saw the basics of transaction management, primarily when...

This Week in Spring - October 3rd, 2023

Hi Spring fans! Welcome to another installment of This Week in Spring! How're you doin'? I've just flown in from Singapore - where I was keynoting and presenting at SpringOne Singapore - and am now in Antwerp, Belgium for the deliriously fun Devoxx Belgium show. I've missed this show, and it's a...

Producer Initiated Transactions in Spring Cloud Stream Kafka Applications

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications This article is part 2 of the blog series in which we look at transactions in detail with Spring Cloud Stream and Apache Kafka. We saw a general introduction to transactions in the...

Introduction to Transactions in Spring Cloud Stream Kafka Applications

We are starting a new blog series that focuses on working with transactions in Spring Cloud Stream Kafka applications. This blog series covers many low-level details of writing transactional applications with Spring Cloud Stream and Apache Kafka. By the end of this blog series, we hope to give yo...

Updates on Spring Cloud Stream 4.0.0 Schema Registry Support

This blog gives an update on the Schema Registry support that is part of Spring Cloud Stream version 4.0.x. Many enterprises use a schema registry for schema evolution use cases, such as the Confluent Schema Registry. Starting with version 1.1.x of Spring Cloud Stream until 3.0.0, we provided a...

GHSA-WRCR-X4QJ-J543 KubeEdge Cloud Stream and Edge Stream DoS from large stream message

Impact The Cloud Stream server and the Edge Stream server reads the entire message into memory without imposing a limit on the size of this message. An attacker can exploit this by sending a large message to exhaust memory and cause a DoS. The Cloud Stream server and the Edge Stream server are...

CVE-2022-31079 KubeEdge Cloud Stream and Edge Stream DoS from large stream message

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the Cloud Stream server and the Edge Stream server reads the entire message into memory without imposing a limit on the size o...