6 matches found
Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers
When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the abstraction gap between security design, often specified usin...
This Week in Spring - March 21st, 2023
Hi, Spring fans! Welcome to another rip roaring installment of This Week in Spring! It's March 21st and today they announced Java 20! It's an exciting time to be a Java developer. Java 20, of course, is just another amazing installment before Java 21, which comes out in six short months, includin...
Kotlin DSLs in the world of Springdom
Kotlin is a beautiful language that makes it trivial to take old Java libraries and make them much more concise, just by virtue of the Kotlin syntax itself. It shines, however, when you write DSLs. Here's some inside baseball for you: the Spring teams do their level-headed best to be cohesive, to...
A Bootiful Podcast: Spring Batch lead Mahmoud Ben Hassine on the latest and greatest in 2023
Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment, Josh Long @starbuxman talks to Spring Batch lead Mahmoud Ben Hassine @FMBENHASSINE about the latest and greatest in Spring Batch. notes Submit your talk to SpringOne@Explore, being held August 21-24, 2023,...
GHSA-2XVX-RW9P-XGFC Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
Pipeline: Groovy Plugin allows pipelines to load Groovy source files. This is intended to be used to allow Global Shared Libraries to execute without sandbox protection. In Pipeline: Groovy Plugin 2689.v434009a31bf1 and earlier, any Groovy source files bundled with Jenkins core and plugins could ...
Sensio Labs Twig Injection Vulnerability
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...