OpenClaw: Forwarding header spoofing bypasses gateway.trustedProxies origin detection

Summary When gateway.trustedProxies was configured, spoofed loopback hops in forwarding headers could be accepted as the client origin and weaken downstream auth and rate-limit decisions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked:...

Spring HATEOAS 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Spring HATEOAS versions 1.5.4 and earlier, 2.0.4 and earlier, and 2.1.0, which stems from the fa...