4 matches found
This Week in Spring - May 5th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's May 5th, 2026, and I'm in Mainz, Germany, for the legendary JAX conference! It's been infinitely far too long since I've been at this amazing show, and I'm oh-so happy to be back here! Tonight, after my two talks here, I...
PT-2023-5586 · Apache · Apache NiFi
Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 0.0.2 through 1.21.0
Description: The issue in Apache NiFi is related to the DBCPConnectionPool and HikariCPConnectionPool Controller Services, which allow an authenticated and authorized user to configure a Database URL...
Spring Boot Actuator HikariCP Remote Code Execution
The Spring Boot framework is one of the most popular Java-based microservice frameworks that helps developers quickly and easily deploy Java applications. When the actuator endpoint is accessible with the env and restart methods, it is possible for an unauthenticated remote attacker to obtain a...
SQL Injection
storage-jdbc-hikaricp-plugin is vulnerable to SQL injection. The wildcard query cases when using H2/MySQL/TiDB allow an attacker to inject and execute arbitrary SQL statements...