7 matches found
Moderate: Red Hat Security Advisory: Red Hat Camel for Spring Boot 3.18.3 release and security update
A minor version update from 3.14.5 to 3.18.3 is now available for Camel for Spring Boot. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
This Week in Spring - October 25th, 2022
Hi, Spring fans! Welcome to another installment of This Week in Spring! When last we spoke, I was in Las Vegas, NV, for the JavaOne show. It was amazing! Im in sunny Singapore, then off to Malaysia and Thailand. Its the first time Ive been to any of these places since 2019! How good it is to be...
CVE-2022-31684: Reactor Netty HTTP Server may log request headers
The Reactor Netty 1.0.24 release on October 11 included fix for CVE-2022-31684 affecting Reactor Netty HTTP Server. Users are encouraged to update as soon as possible. Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot...
CVE-2022-31684
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...
CVE-2022-31684
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...
CVE-2022-31684
CVE-2022-31684 affects Tanzu VMware Reactor Netty (HTTP Server) versions 1.0.11–1.0.23. The issue is that request headers may be logged in certain invalid HTTP requests when WARN logging is enabled, potentially exposing valid access tokens found in those logs. The connected Red Hat and IBM adviso...
CVE-2022-31684
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...