A Bootiful Podcast: Spring Security lead Rob Winch on Spring Security 7
Hi, Spring fans! In this installment, I have the privilege of sitting down and talking to the legendary Rob Winch, lead of Spring Security, Spring Session, and the amazing Testjars project...
This Week in Spring – December 16th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it’s been! We’ve got around nine shopping days ’til Christmas, and the New Year is almost here! Things are moving so quickly and the Spring community is no exception! Let's dive into this week's wonderful...
This Week in Spring - October 14th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Boston and New York City and Bulgaria and Poland this week, but I'm still hyped about last week's amazing Devoxx Belgium event! There are a ton of videos to look at, and I'll include just some of them here. So, without...
Spring Session MongoDB: Now Led by MongoDB Team
It gives me great pleasure to announce that the Spring Session MongoDB project will now be led by the MongoDB Team. NOTE: This announcement is in alignment with our announcement Spring Session Hazelcast: Now Led by Hazelcast Team. For ten years Spring Session has provided the infrastructure for...
Spring Session Hazelcast: Now Led by Hazelcast Team
It gives me great pleasure to announce that the Spring Session Hazelcast project will now be led by the Hazelcast Team. NOTE: This announcement is in alignment with our announcement Spring Session MongoDB: Now Led by MongoDB Team. For ten years Spring Session has provided the infrastructure for...
EUVD-2020-0250
Malware in sbrugna...
EUVD-2023-1390
Malicious code in bioql PyPI...
This Week in Spring - August 27th, 2024 - SpringOne 2024 edition
Hi, Spring fans, from the expo hall of SpringOne at VMware Explore 2024! There's a livestream of some of the key talks - register and watch for free now at SpringOne.io. Right now I'm hanging out at the expo hall manning a booth and doing demos to the hordes of people streaming by, but I'll be...
This Week in Spring - March 26th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Sam Brannen shares some good news: a null-safe Index operator for the Spring Expression Language (SpEL) is coming to Spring Framework 6.2! This is interesting, and a nice application of AI do I even need to spell out "artificia...
This Week in Spring - January 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover, so let's dive right into it. The Spring Authorization Server 1.3.0-m1 is now available. This is...
Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining. CVE-2023-20866
Summary: There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID: CVE-2023-20866...
CVE-2023-20866
A flaw was found in Spring Session. If using HeaderHttpSessionIdResolver, the session id can be logged to the standard output stream. This may log sensitive information and could be used by an attacker for session hijacking...
Spring Session session ID can be logged to the standard output stream
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
GHSA-R7QR-F43M-PXFR Spring Session session ID can be logged to the standard output stream
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
cn.herodotus.engine:access-sdk-all (>=3.0.1.0 <=3.0.4.2), cn.herodotus.engine:access-sdk-justauth (>=3.0.1.0 <=3.0.4.2) +85 more potentially affected by CVE-2023-20866 via org.springframework.session:spring-session-core (=3.0.0)
org.springframework.session:spring-session-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.session:spring-session-core and may be impacted: - cn.herodotus.engine:access-sdk-all =3.0.1.0, =3.0.1.0, =3.0.1.0,...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
Spring Session security vulnerability
Spring Session is a module from Spring. A security vulnerability exists in Spring Session version 3.0.0, which stems from the recording of session IDs into the standard output stream leading to the disclosure of sensitive information...
CVE-2023-20866
CVE-2023-20866 affects Spring Session 3.0.0, where the session ID can be logged to standard output when using HeaderHttpSessionIdResolver. This leaks sensitive information from logs and can enable session hijacking. The NVD/CVSS data indicates a base score of 6.5 (MEDIUM) with high confidentialit...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...