12 matches found
PT-2026-39895
Name of the Vulnerable Software and Affected Versions: Valtimo versions 12.4.0 through 12.32.0; Valtimo versions 13.0.0 through 13.25.0. Description: The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full reque...
The state of HTTP clients in Spring
This is a new blog post in the Road to GA series, this time exploring the new capabilities of our HTTP clients. This is also a good time to reflect on the state of HTTP clients in Spring, so we will use this opportunity to explain an important announcement: we are officially deprecating...
RestClient Support for OAuth2 in Spring Security 6.4
In Spring Security 6.2 and 6.3, we have worked to steadily improve configuration for applications using OAuth2 Client. Configuration for common use cases has been simplified by allowing applications to publish beans which are automatically included in the overall OAuth2 Client configuration durin...
CRLF Injection in RestSharp's `RestRequest.AddHeader` method
Summary: The second argument to RestRequest.AddHeader (the header value) is vulnerable to CRLF injection. The same applies to RestRequest.AddOrUpdateHeader and RestClient.AddDefaultHeader. Details: The way HTTP headers are added to a request is via the HttpHeaders.TryAddWithoutValidation method: This...
Exploit for CVE-2024-22243
CVE-2024-22243 Author: Sean Pesce This project conta...
This Week in Spring - Spring Boot 3.2 edition - November 21st, 2023
Hi, Spring fans! Welcome to another epic installment of This Week in Spring! As amazing as the week's already been, it's all leading up to this Thursday - Thanksgiving day! - when we release Spring Boot 3.2! and yes, I am very grateful. This release is stuffed to the gills with a ton of new...
This Week in Spring - November 14th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads, initial CRaC support, more...
New in Spring 6.1: RestClient
Spring Framework 6.1 M2 introduces the RestClient, a new synchronous HTTP client. As the name suggests, RestClient offers the fluent API of WebClient with the infrastructure of RestTemplate. Fourteen years ago, when RestTemplate was introduced in Spring Framework 3.0, we quickly discovered that...
This Week in Spring - July 11th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in yummy, sunny Jakarta, Indonesia at the moment, preparing for a week of meetings and the SpringOne Tour Indonesia event later this week. I'll also be speaking in Kuala Lumpur, Malaysia on July 20th, 2023. If you're in...
CVE-2016-15028 ICEPAY REST-API-NET Checksum Validation RestClient.cs RestClient integrity check
A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The...
Malicious code in frontend-restclient (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 021d3938f5ec5a4cb8c329e1de5df194cdf361f4e9e51c5919144bba8857559c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3228 Malicious code in frontend-restclient (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 021d3938f5ec5a4cb8c329e1de5df194cdf361f4e9e51c5919144bba8857559c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...