
924 matches found

Spring Security Advisories
added 2024/02/15 12:0 a.m., 11 views

A Bootiful Podcast: Oracle Java Developer Advocate Nicolai Parlog on the latest and greatest in Java

Hi, Spring fans! In this installment, I talk to Oracle Java Developer Advocate Nicolai Parlog on the latest and greatest in Java...

AI score: 6.9
Exploits: 0

Spring Security Advisories
added 2024/02/13 12:0 a.m., 9 views

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/02/08 12:0 a.m., 11 views

A Bootiful Podcast: Dr. Venkat Subramaniam, on the latest in Java

Hi, Spring fans! In this installment the good and the great Dr. Venkat Subramaniam rejoins the show, live from the fantastic VOXXED DAYS CERN event, to talk about some of the amazing features in Java 21...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/02/08 12:0 a.m., 14 views

Spring Tips: Spring Boot Testjars

Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/02/08 12:0 a.m., 12 views

Spring Tips: Spring AI

Hi, Spring fans! In this installment we'll look at the new Spring AI project, which provides convenient integrations with LLMs like the one behind ChatGPT and tools to support the RAG (retrieval augmented generation) pipeline. ai springboot artificialintelligence java graalvm cloud java21 postgresq...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/02/07 12:0 a.m., 13 views

This Week in Spring - February 6th

Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! In last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC (1 Billion Row Challenge)...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/02/01 12:0 a.m., 11 views

A Bootiful Podcast: Gunnar Morling on the 1BRC challenge and taking Java to BLAZING fast performance territory

Hi, Spring fans! In this installment, I talk to fellow Java Champion Gunnar Morling, and we look at how his 1BRC challenge helped the community eke out some of Java's best performance numbers...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/01/30 12:0 a.m., 7 views

Spring Tips: easy CQRS with Axon Framework

Hi, Spring fans! In this installment I'm joined by Axon Framework founder Allard Buijze and we look at the new integrations for Spring Boot developers in Axon Framework and AxonIQ Server. Special thanks to AxonIQ for the keynote video replay. Check out for more great stuff! java java21 axon...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/01/30 12:0 a.m., 6 views

local information disclosure via temporary directory created with unsafe permissions

In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...

CVSS: 5.5, AI score: 6.2, EPSS: 0.00223
Exploits: 0, References: 2

Spring Security Advisories
added 2024/01/30 12:0 a.m., 14 views

This Week in Spring - January 30th, 2024

Hi, Spring fans! It's January 30th, and it's a very special week for me as, tomorrow, I celebrate my birthday and the birthday of my biological father with whom I share the same birthday! Happy birthday, dad! Sadly, he passed in 2019. I'm pretty excited! I'm turning 40. Feels good. Almost as good...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/01/25 12:0 a.m., 11 views

A Bootiful Podcast: Spring trainer extraordinaire Patrick Baumgartner

Hi, Spring fans! In this installment, I talked to Spring trainer extraordinaire, long-time community contributor, and Voxxed Days co-organizer for various shows in Switzerland. This talk was recorded live at Voxxed Days CERN!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/01/22 12:0 a.m., 27 views

This Week in Spring - January 23rd, 2024

Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...

CVSS: 5, AI score: 7.1, EPSS: 0.01048
Exploits: 0

Spring Security Advisories
added 2024/01/22 12:0 a.m., 49 views

CVE-2024-22233: Spring Framework server Web DoS Vulnerability

The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th include a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible...

CVSS: 5, AI score: 7.3, EPSS: 0.01048
Exploits: 0

Spring Security Advisories
added 2024/01/22 12:0 a.m., 6 views

Spring Framework server Web DoS Vulnerability

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: Typically, Spring Boot applications need the...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01048
Exploits: 0, References: 1

Spring Security Advisories
added 2024/01/19 12:0 a.m., 10 views

Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...

AI score: 7
Exploits: 0

Spring Security Advisories
added 2024/01/18 12:0 a.m., 6 views

A Bootiful Podcast: programming language archaeologist Ted Neward

Hi, Spring fans! In this installment, I talk to programming language archaeologist Ted Neward...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/01/16 12:0 a.m., 21 views

This Week in Spring - January 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/01/11 12:0 a.m., 11 views

A Bootiful Podcast: Apache Skywalking’s Sheng Wu and Apache ShardingSphere’s Trista Pan

Hi, Spring fans! In this installment we're joined by two Apache luminaries Trista Pan - of Apache ShardingSphere - and Sheng Wu - of Apache Skywalking...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2024/01/10 12:0 a.m., 16 views

Spring Tips: Spring Data JDBC

Hi, Spring fans! In this installment, Josh Long looks at the fantastic Spring Data JDBC project, which is one of the easiest and most powerful ways to leverage JDBC in a Spring Boot application...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/01/09 12:0 a.m., 44 views

This Week in Spring - January 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediately than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, com...

AI score: 7
Exploits: 0

Spring Security Advisories
added 2024/01/04 12:0 a.m., 11 views

A Bootiful Podcast: Kubernetes guru Leigh Capili helps us ring in the new year

Hi, Spring fans! And Happy new year! In this episode I talk to Kubernetes guru Leigh Capili, who helps us ring in the new year!...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/01/02 12:0 a.m., 16 views

This Week in Spring - January 2nd, 2024

Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...

AI score: 7
Exploits: 0

Spring Security Advisories
added 2023/12/28 12:0 a.m., 8 views

A Bootiful Podcast: Trifork CTO Joris Kuipers

Hi, Spring fans! In this installment, Josh Long talks to longtime Spring community legend and Trifork CTO Joris Kuipers. Happy new year!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/12/26 12:0 a.m., 18 views

This Year in Spring - 2023

Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2023/12/22 12:0 a.m., 6 views

A Bootiful Podcast: Cloud Native Whitney Lee

Hi, Spring fans! In this installment, I talk to legendary Cloud Native Whitney Lee about cloud infrastructure, that one trick every dev must know, her new operations-centric gameshow, and more. Happy holidays to y'all!...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2023/12/19 12:0 a.m., 8 views

This Week in Spring - December 19th, 2023

Hi, Spring fans! Welcome to another oh-so-festive edition of This Week in Spring! the Spring Authorization Server 1.2.1, 1.1.14, and 0.4.5, are now available Spring AMQP 3.1.1 is now available Spring Security 5.8.9, 6.1.6, 6.2.1 are now available Spring for Apache Kafka 3.1.1 is now available...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2023/12/14 12:0 a.m., 7 views

A Bootiful Podcast: Microcks.io contributors Laurent Broudoux and Yacine-Kheddache

Hi, Spring fans! In this installment, I talk about the wide world of AI and then discuss microservice testing with Microcks.io contributors and founders Laurent Broudoux and Yacine-Kheddache. This was recorded live from Devoxx BE 2023!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/12/12 12:0 a.m., 9 views

This Week in Spring - December 12th, 2023

Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to upgrade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2023/12/07 12:0 a.m., 13 views

A Bootiful Podcast: Spring creator Rod Johnson and Oracle vice president Heather VanCura

Hi, Spring and software fans! In this installment of the show we have Spring creator and investor Rod Johnson and Oracle vice president Heather VanCura on the show to talk about the premise of her new book - Developer Career Masterplan, coauthored with fellow Java luminary Bruno Souza: building...

AI score: 6.9
Exploits: 0

Spring Security Advisories
added 2023/12/05 12:0 a.m., 9 views

This Week in Spring - December 5th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! today, Spring Cloud, based on Spring Boot 3.2, goes GA! Don't miss this! I love this blog by Spring Framework legend Sébastien Deleuze on CDS with Spring Framework 6.1 I really enjoyed this discussion with Spring Security...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2023/12/04 12:0 a.m., 12 views

CDS with Spring Framework 6.1

As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS ("Class Data Sharing") feature and has materialized into a new feature that we have be...

AI score: 7.5
Exploits: 0

Spring Security Advisories
added 2023/11/30 12:0 a.m., 15 views

A Bootiful Podcast: Spring Security legend Laura Spilca joins us to talk Spring Authorization Server and upgrading to Spring Boot 3

Hi, Spring fans! This week, my first as an employee of Broadcom, I am joined by Spring Security community legend Laura Spilca and we talk about all things security, OAuth, and more...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/11/28 12:0 a.m., 31 views

This Week in Spring - 28 November, 2023

Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...

CVSS: 5, AI score: 5.1, EPSS: 0.01219
Exploits: 0

Spring Security Advisories
added 2023/11/27 12:0 a.m., 6 views

Reactor Netty HTTP Server Metrics DoS Vulnerability

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00906
Exploits: 0, References: 1

Spring Security Advisories
added 2023/11/27 12:0 a.m., 227 views

CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities

Updates 11-27 Blog posts updated to refer to the CVE reports published The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23rd includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...

CVSS: 5, AI score: 7.2, EPSS: 0.01219
Exploits: 0

Spring Security Advisories
added 2023/11/27 12:0 a.m., 8 views

Spring Boot server Web Observations DoS Vulnerability

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:...

CVSS: 5.3, AI score: 6.8, EPSS: 0.01219
Exploits: 0, References: 1

Spring Security Advisories
added 2023/11/23 12:0 a.m., 11 views

Spring Tips: Spring Boot 3.2

Hi, Spring fans! In this installment of Spring Tips, I look at the new Spring Boot 3.2 release, due to drop today, the 23rd of November 2023! 23-11-23! We're diving into the cool new features of Spring Boot 3.2 and Java 21. We'll explore how virtual threads from Project Loom make your code run...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2023/11/23 12:0 a.m., 11 views

A Bootiful Podcast: iText Creator Bruno Lowagie

Hi, Spring fans! We're releasing Spring Boot 3.2 today! And it's Thanksgiving in the USA (Happy Thanksgiving!). So, we wanted to celebrate with an amazing episode, and so today's guest is opensource legend Bruno Lowagie. Enjoy!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/11/21 12:0 a.m., 8 views

This Week in Spring - Spring Boot 3.2 edition - November 21st, 2023

Hi, Spring fans! Welcome to another epic installment of This Week in Spring! As amazing as the week's already been, it's all leading up to this Thursday - Thanksgiving day! - when we release Spring Boot 3.2! and yes, I am very grateful. This release is stuffed to the gills with a ton of new...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/11/16 12:0 a.m., 17 views

A Bootiful Podcast: Google Developer Advocate, Java legend, Alexis Moussine Pouchkine

Hi, Spring fans! Happy Thanksgiving to those who celebrate! Have you tried out Spring Boot 3.2? It comes out NEXT week on the 23rd! Get the bits and try them out now! This week I am joined by Google Developer Advocate, Java legend, Alexis Moussine Pouchkine...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/11/15 12:0 a.m., 7 views

Directory Traversal in Reactor Netty HTTP Server

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01124
Exploits: 0, References: 1

Spring Security Advisories
added 2023/11/14 12:0 a.m., 8 views

This Week in Spring - November 14th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2023/11/09 12:0 a.m., 9 views

A Bootiful Podcast: Azul Deputy CTO Simon Ritter

Hi, Spring fans! In this week's installment I talk to Azul Deputy CTO Simon Ritter (@speakjava), recorded live at Devoxx Belgium 2023!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2023/11/07 12:0 a.m., 19 views

This Week in Spring - November 7th, 2023

Hi, Spring fans! Can you believe we've already turned the calendar page to November? Time sure is a swift developer, deploying months as if they were minor versions in an ever-evolving application. As we adjust our clocks to fall back, waving a reluctant goodbye to daylight savings time, the...

AI score: 7
Exploits: 0

Spring Security Advisories
added 2023/11/07 12:0 a.m., 25 views

SSL hot reload in Spring Boot 3.2.0

In Spring Boot 3.2.0, we're adding the ability for embedded web servers to hot-reload SSL certificates and keys. That means you can rotate your SSL trust material without restarting your application. Hot reloading is supported for Tomcat and Netty embedded web servers. Let's see that in action!...

AI score: 6.5
Exploits: 0

Spring Security Advisories
added 2023/11/02 12:0 a.m., 11 views

A Bootiful Podcast: GraalVM founder and Oracle vice president Thomas Wuerthinger

Hi, Spring fans! In this installment Josh Long talks to Oracle vice president Thomas Wuerthinger about the project he created and leads, GraalVM. This was recorded live from Devoxx Belgium 2023!...

AI score: 6.8
Exploits: 0

Spring Security Advisories
added 2023/10/31 12:0 a.m., 16 views

This Week in Spring - October 31st, 2023

Hi Spring fans, and Happy Halloween from the Spring team to those who celebrate! I hope your evening is fun and your day free of scary bugs! My friends, we've got some interesting stuff to look at this week so let's dive right into it. A Bootiful Podcast: Mr. Spring in Action, Craig Walls Spring...

AI score: 7.4
Exploits: 0

Spring Security Advisories
added 2023/10/31 12:0 a.m., 18 views

What new is coming in reactor-core 3.6.0?

Reactor 3.6.0 is coming and going to be GA on November 14. This blogpost describes new features that are included in this upcoming release! Virtual Threads support Today, everyone talks about Java 21 and Project Loom. The Project Reactor team hears that and sees value in that project within our...

AI score: 6.9
Exploits: 0

Spring Security Advisories
added 2023/10/26 12:0 a.m., 10 views

A Bootiful Podcast: Mr. Spring in Action, Craig Walls

Hi, Spring fans! This week, I'm joined by one of my longtime heroes and fellow Disney fans, Craig Walls (@habuma). He wrote the most popular book on Spring, Spring in Action, while helping the world stay connected with efforts like Spring Social. This episode was recorded live at SpringOne 2023, in...

AI score: 6.9
Exploits: 0

Spring Security Advisories
added 2023/10/24 12:0 a.m., 13 views

A Use Case for Transactions: Outbox Pattern Strategies in Spring Cloud Stream Kafka Binder

Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...

AI score: 7.3
Exploits: 0

Total number of security vulnerabilities: 924