49 matches found
[SECURITY] Fedora 43 Update: vhs-0.10.0-4.fc43
Write terminal GIFs as code for integration testing and demoing your CLI tool s...
[SECURITY] Fedora 42 Update: vhs-0.9.0-2.fc42
Write terminal GIFs as code for integration testing and demoing your CLI tool s...
be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +643 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.6)
org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-7-21, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...
Information Disclosure
org.apache.maven.plugins,maven-archetype-plugin is vulnerable to Information Disclosure. The vulnerability is due to the integration testing process, which creates the archetype-settings.xml file containing sensitive information from the user's /.m2/settings.xml, allowing an attacker to access...
CVE-2024-47197
A flaw was found in the Maven Archetype Plugin. Archetype integration testing can create a file called ./target/classes/archetype-it/archetype-settings.xml. This file contains all the content from the user's /.m2/settings.xml file, which often contains sensitive information or credentials. When the...
GHSA-2QQ7-FCH2-PHQF Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...
[SECURITY] Fedora 40 Update: maven-verifier-plugin-1.1-6.fc40
Assists in integration testing by means of evaluating success/error conditions read from a configuration file...
This Week in Spring - July 11th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in yummy, sunny Jakarta, Indonesia at the moment, preparing for a week of meetings and the SpringOne Tour Indonesia event later this week. I'll also be speaking in Kuala Lumpur, Malaysia on July 20th, 2023. If you're in...
Improved Testcontainers Support in Spring Boot 3.1
There's been support for Testcontainers in Spring Boot for some time now, and Spring Boot 3.1 improves it further. But first, let's take a look at what Testcontainers is and how it's usually used. Testcontainers is an open source framework for providing throwaway, lightweight instances of...
[SECURITY] Fedora 38 Update: rubygem-actionpack-7.0.4.3-1.fc38
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs
An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on SSO integration can be logged to the '/var/log/demisto/' server logs when testing the integration during setup. This logged information includes the...
[SECURITY] Fedora 33 Update: rubygem-actionpack-6.0.3.3-2.fc33
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
QIWI: Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"
Summary The API interface on https://contactws.contact-sys.com:3456/ accepts a body to interact with the server's AppServ object. Because of insufficient input validation, an attacker can abuse the ID parameter to inject arbitrary SQL statements into the underlying prepared statement. This leads ...
[SECURITY] Fedora 25 Update: rubygem-actionpack-5.0.0.1-2.fc25
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 23 Update: rubygem-actionpack-4.2.3-5.fc23
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 22 Update: rubygem-actionpack-4.2.0-3.fc22
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-5.fc20
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 21 Update: rubygem-actionpack-4.1.5-2.fc21
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 19 Update: rubygem-actionpack-3.2.13-6.fc19
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 20 Update: rubygem-actionpack-4.0.0-4.fc20
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...