
924 matches found

Spring Security Advisories
added 2024/11/26 12:0 a.m. | 10 views

This Week in Spring - November 26th, 2024

This Week in Spring - November 26th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! Happy Spring Boot 3.4 release month to those who celebrate! And, also, Happy Thanksgiving to those who celebrate! Spring Boot 3.4 brings with it long-anticipated updates to the entire...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/11/25 12:0 a.m. | 12 views

Bootiful Spring Boot 3.4: Start Here

Hi, Spring fans! And happy Spring Boot 3.4 release to those who celebrate! I know, I know what you're thinking: Josh, Spring Boot 3.4 already shipped! I know it. Spring Boot 3.4 dropped a week earlier this year! In the last couple of years, we’ve released Spring Boot on the same day as Thanksgivi...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/11/24 12:0 a.m. | 26 views

Bootiful Spring Boot 3.4: Spring Boot

And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...

AI score: 7.5
Exploits: 0

Spring Security Advisories
added 2024/11/24 12:0 a.m. | 11 views

Bootiful Spring Boot 3.4: Spring Batch

The new release of Spring Batch 5.2 has a ton of features! Spring Batch is a compelling way to handle large but finite sequential data access. Think: reading from an SQL database and writing to a CSV, or reading from an FTP server and writing out an analysis of a MongoDB - batch processing. You...

AI score: 7.8
Exploits: 0

Spring Security Advisories
added 2024/11/24 12:0 a.m. | 15 views

Bootiful Spring Boot 3.4: Spring AI

I love Spring AI. It’s an amazing project designed to bring the patterns and practices of AI engineering to the Spring Boot developer. It’s got clean idiomatic abstractions that’ll make any Spring developer feel right at home, and it has a ton of integrations with all manner of different vector...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/11/22 12:0 a.m. | 15 views

What's new in Spring Modulith 1.3?

After half a year of development, Spring Modulith 1.3 GA has been released. It is packed with new features, improvements, and – best of all – community contributions. Let me walk you through some of the most interesting ones. Baseline Upgrades As usual, a new minor version of Spring Modulith...

AI score: 7.5
Exploits: 0

Spring Security Advisories
added 2024/11/21 12:0 a.m. | 5 views

A Bootiful Podcast: Heroku's Terence Lee

Hi, Spring fans! Happy Spring Boot 3.4.0 release day to those who celebrate! Today I'm joined by both Terence Lee, from Heroku, and my friend DaShaun Carter, and we talk about platforms, buildpacks, and more. heroku paas buildpacks,...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/11/19 12:0 a.m. | 8 views

Why Spring AI: The Seamless Path to Generative AI

Why Spring AI: The Seamless Path for Spring Developers to the World of Generative AI Intro As a Java developer exploring the world of generative AI, you’re probably aware of several frameworks that promise to make AI integration easy. I believe Spring AI stands out as the natural choice, especial...

AI score: 6.7
Exploits: 0

Spring Security Advisories
added 2024/11/19 12:0 a.m. | 39 views

This Week in Spring - November 19th, 2024

Hi, Spring fans! How are you? Can you believe we're already staring at the end of the month? It's that time of the year when we see new releases, and the new releases reflect that frenzy! Soon: Spring Boot 3.4.0! Are you updated? Make sure you're updated! Remember: Spring projects leave open sour...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00729
Exploits: 0

Spring Security Advisories
added 2024/11/19 12:0 a.m. | 7 views

Spring LDAP Spring LDAP sensitive data exposure for case-sensitive comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in unintended columns from being queried. Related to CVE-2024-38820...

CVSS: 3.7 | AI score: 5.8 | EPSS: 0.00376
Exploits: 0 | References: 1 | Affected Software: 1

Spring Security Advisories
added 2024/11/19 12:0 a.m. | 7 views

Spring Security Authorization Bypass for Case Sensitive Comparisons

The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly. Related to CVE-2024-38820...

CVSS: 4.8 | AI score: 6.6 | EPSS: 0.00385
Exploits: 0 | References: 1 | Affected Software: 1

Spring Security Advisories
added 2024/11/15 12:0 a.m. | 4 views

DoS via Spring MVC controller method with byte[] parameter

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack...

CVSS: 5.3 | AI score: 6.7 | EPSS: 0.00729
Exploits: 0 | References: 1 | Affected Software: 1

Spring Security Advisories
added 2024/11/14 12:0 a.m. | 5 views

A Bootiful Podcast: engineer, CTO, teacher, and pilot Ken Sipe

Hi, Spring fans, JVM enjoyers, and cloud natives! Have I got a treat for you today! We're going to be talking to my longtime pal Ken Sipe. groovy java kotlin go rust spring jvm...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/11/12 12:0 a.m. | 11 views

This Week in Spring - November 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Spring Cloud 2024.0.0-RC1 aka Moorgate has been released In this installment of A Bootiful Podcast , I talk to Gradle developer advocate Baruch Sadogursky good news everybody! GraalVM will now support jcmd, which allows you t...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/11/07 12:0 a.m. | 4 views

A Bootiful Podcast: Baruch Sadogursky on Gradle, Java, developer productivity, and more

Hi, Spring fans! In this installment, I talk to legendary Gradle Developer Productivity Engineering guru formerly of JFrog and hero to the JVM-language community, Baruch Sadogursky, recorded live from Dr. Venkat Subramaniam's amazing conference, Dev2Next 2024!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/11/05 12:0 a.m. | 9 views

This Week in Spring - November 5th, 2024

This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/10/29 12:0 a.m. | 14 views

This Week in Spring - October 29th, 2024

Hi, Spring fans! How're things? It's almost Halloween! I'm so excited! I'm going as a PHP program. Boooooooo...t. I'm writing this from the amazing Vaadin Create conference in Frankfurt, Germany, about to do my keynote for an amazing, Spring-loving audience here. So, without further ado, let's di...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/10/28 12:0 a.m. | 26 views

RestClient Support for OAuth2 in Spring Security 6.4

In Spring Security 6.2 and 6.3, we have worked to steadily improve configuration for applications using OAuth2 Client. Configuration for common use cases has been simplified by allowing applications to publish beans which are automatically included in the overall OAuth2 Client configuration durin...

AI score: 6.7
Exploits: 0

Spring Security Advisories
added 2024/10/28 12:0 a.m. | 13 views

Let’s use OpenTelemetry with Spring

Introduction In the dynamic realm of observability, OpenTelemetry is a new set of tools that emerged from the now-deprecated OpenCensus and OpenTracing projects. When it comes to Spring Framework, Spring Boot, Spring Data, and Spring Cloud observability, mature solutions like Micrometer, the de...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2024/10/25 12:0 a.m. | 4 views

A Bootiful Podcast: GraalVM founder and BDFL Thomas Wuerthinger on GraalPy, GraalVM, and so much more

Hi, Spring fans! In this installment I talk to GraalVM founder and benevolent dictator for life Thomas Wuerthinger, recorded live from Devoxx Belgium 2024!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/10/24 12:0 a.m. | 6 views

A Bootiful Podcast: GraalVM founder and BDFL Thomas Wuerthinger on GraalPy, GraalVM, and so much more

Hi, Spring fans! In this installment I talk to GraalVM founder and benevolent dictator for life Thomas Wuerthinger, recorded live from Devoxx Belgium 2024!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/10/22 12:0 a.m. | 10 views

Leverage the Power of 45k, free, Hugging Face Models with Spring AI and Ollama

This blog post is co-authored by our great contributor Thomas Vitale. Ollama now supports all GGUF models from Hugging Face , allowing access to over 45,000 community-created models through Spring AI's Ollama integration, runnable locally. We'll explore using this new feature with Spring AI. The...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/10/22 12:0 a.m. | 7 views

Authorization Bypass of Static Resources in WebFlux Applications

Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true:...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.01726
Exploits: 2 | References: 1 | Affected Software: 1

Spring Security Advisories
added 2024/10/22 12:0 a.m. | 21 views

This Week in Spring - October 22nd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring. I write this to you in an Uber speeding down the autobahn near Frankfurt, Germany. What a time to be alive! At the rate this driver's going, I won't have much time to write this before we've arrived, so let's dive right into...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.54862
Exploits: 7

Spring Security Advisories
added 2024/10/17 12:0 a.m. | 5 views

Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

CVSS: 3.1 | AI score: 6.7 | EPSS: 0.00631
Exploits: 1 | References: 1 | Affected Software: 1

Spring Security Advisories
added 2024/10/17 12:0 a.m. | 6 views

A Bootiful Podcast: Oracle Developer Advocate Andres Almiray

Hi, Spring fans! In this installment I talk to Oracle developer advocate Andres Almiray about the latest-and-greatest in the amazing Oracle database. Oracle SQL Java JConf...

AI score: 6.8
Exploits: 0

Spring Security Advisories
added 2024/10/17 12:0 a.m. | 7 views

Path traversal vulnerability in functional web frameworks (2nd report)

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.54862
Exploits: 6 | References: 1 | Affected Software: 1

Spring Security Advisories
added 2024/10/15 12:0 a.m. | 11 views

This Week in Spring - October 15th, 2024

Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Belgium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back ...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2024/10/10 12:0 a.m. | 6 views

A Bootiful Podcast: New York Java SIG chair and founder Frank Greco on community, AI, and more

Hi, Spring fans! In this installment, I talk to New York Java SIG chair and founder Frank Greco about AI, safety, Java, community, and more!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/10/08 12:0 a.m. | 7 views

This Week in Spring - October 8th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Antwerp, Belgium, for the amazing Devoxx Belgium 2024 event! I am so happy to be back here, one of the best shows in the Java ecosystem! We've got a lot to get into so let's dive right in! From Spring Cloud Data Flow...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/10/07 12:0 a.m. | 8 views

From Spring Cloud Data Flow 2.11.x to 3.0

Dear Spring Community, With the recent announcement of Spring Framework 7.0 and Spring Boot 4.0, the Spring Cloud Data Flow team is pleased to announce the next major release, SCDF 3.0, to align with both Spring Framework 7.0 and Spring Boot 4.0. This will bring the following SCDF ecosystem of...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/10/02 12:0 a.m. | 13 views

Supercharging Your AI Applications with Spring AI Advisors

In the rapidly evolving world of artificial intelligence, developers are constantly seeking ways to enhance their AI applications. Spring AI, a Java framework for building AI-powered applications, has introduced a powerful feature: the Spring AI Advisors. The advisors can supercharge your AI...

AI score: 7
Exploits: 0

Spring Security Advisories
added 2024/10/01 12:0 a.m. | 4 views

From Spring Framework 6.2 to 7.0

Dear Spring community, Spring Framework 6.2 is shaping up for general availability in November 2024, with particularly significant revisions in the core container and in our web support: see "What's New in Spring Framework 6.2". This release is designed for use with JDK 17-23 and Jakarta EE 9-10...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/10/01 12:0 a.m. | 9 views

This Week in Spring - October 1st, 2024

Hi, Spring fans! It's the first of October! We're officially in the fourth quarter of 2024! Time's moving too quickly. Way too quickly. But as always, there's awesome stuff afoot, so let's dive right in! Spring Framework lead Juergen Hoeller looks at the road ahead, to Spring Framework 6.2 and...

AI score: 6.9
Exploits: 0

Spring Security Advisories
added 2024/09/27 12:0 a.m. | 10 views

AI Meets Spring Petclinic: Implementing an AI Assistant with Spring AI (Part II)

Recap of Part I In the first part of this blog series, we explored the basics of integrating Spring AI with large language models. We walked through building a custom ChatClient, leveraging Function Calling for dynamic interactions, and refining our prompts to suit the Spring Petclinic use case. ...

AI score: 6.6
Exploits: 0

Spring Security Advisories
added 2024/09/26 12:0 a.m. | 8 views

A Bootiful Podcast: Oracle Java Developer Advocate Billy Korando on Java 23, Structured Concurrency, and more

Hi, Spring fans! In this installment I talk to Java Developer advocate at Oracle, Billy Korando, about the amazing new features in Java 23 and beyond!...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/09/26 12:0 a.m. | 14 views

AI Meets Spring Petclinic: Implementing an AI Assistant with Spring AI (Part I)

Introduction In this two-part blog post, I will discuss the modifications I made to Spring Petclinic to incorporate an AI assistant that allows users to interact with the application using natural language. Introduction to Spring Petclinic Spring Petclinic serves as the primary reference...

AI score: 6.4
Exploits: 0

Spring Security Advisories
added 2024/09/24 12:0 a.m. | 5 views

This Week in Spring - September 24th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in delightful Dallas, TX, at the amazing JConf.dev show. Then I'm off to Germany, and then back home to do some laundry before heading out to Denver, CO, for the amazing Dev2Next show, before then heading out to Belgium f...

AI score: 7.4
Exploits: 0

Spring Security Advisories
added 2024/09/19 12:0 a.m. | 11 views

A Bootiful Podcast: Flowable cofounder and my friend Joram Barrez on workflow, case management, AI, Spring, and so much more

Hi, Spring fans! In this installment I catch up with my friend Joram Barrez, cofounder of Flowable, an amazing and opensource workflow engine, on their latest and greatest, AI, Spring, and so much more. workflow bpmn apache2 springboot java...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2024/09/17 12:0 a.m. | 23 views

This Week in Spring - September 17th, 2024

Hi, Spring fans! Last week I was in scintillating Seoul, Korea, and then tantalizing Tokyo, Japan, and now I'm in marvelous Mumbai, India, at the airport, actually, headed to New Delhi, India. It's been a busy week for me and even busier a week for the community, so let's dive into it! Java 23 i...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.14718
Exploits: 1

Spring Security Advisories
added 2024/09/12 12:0 a.m. | 8 views

A Bootiful Podcast: Spring creator and cofounder, Dr. Rod Johnson

In this wide-ranging interview, I finally sit down one-on-one and talk to Dr. Rod Johnson, the creator of Spring, entrepreneur, venture capitalist, engineer, father, Kotlin fan, AI researcher, and musician, about this, that, and everything in between, fresh off our recent SpringOne presentation o...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/09/12 12:0 a.m. | 5 views

Path traversal vulnerability in functional web frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.14718
Exploits: 1 | References: 1

Spring Security Advisories
added 2024/09/10 12:0 a.m. | 9 views

This Week in Spring - September 10th, 2024

Hi, Spring fans! Or, I suppose: 안녕하세요, Spring 팬 여러분! I'm writing this from a café in scintillating Seoul, Korea. It's amazing. I've been talking to developers of all stripes who are using and building upon Spring to do all sorts of cool stuff. And tomorrow, it's off to jolly Japan. I'll be...

AI score: 7.3
Exploits: 0

Spring Security Advisories
added 2024/09/06 12:0 a.m. | 8 views

A Bootiful Podcast: Sébastien Deleuze on Spring Framework and Kotlin, GraalVM, Project Leyden, AppCDS, runtime efficiency, Kotlin, and more

Dive deep into the world of Spring Framework and Kotlin, GraalVM, Project Leyden, AppCDS, runtime efficiency, Kotlin, and more, with the one and only Sébastien Deleuze! From runtime efficiency to all things Kotlin, this episode is packed with expert insights and valuable information. Don't miss o...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/09/03 12:0 a.m. | 8 views

This Week in Spring - September 3rd, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/08/30 12:0 a.m. | 6 views

A Bootiful Podcast: Tanzu's Cloud and Spring legend Chris Sterling

Hi, Spring fans! In this installment I talk to the Tanzu legend Chris Sterling, who works on making Spring an even more valuable part of a platform. This episode was recorded live at the epic SpringOne 2024 event!...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/08/29 12:0 a.m. | 17 views

Spring Boot CDS support and Project Leyden anticipation

How can Spring Boot developers improve the runtime efficiency of their applications with minimal constraints in order to enjoy those benefits on most applications? The answer is the CDS support introduced by Spring Boot 3.3 which allows you to start your Spring Boot applications faster and consum...

AI score: 7.2
Exploits: 0

Spring Security Advisories
added 2024/08/27 12:0 a.m. | 20 views

This Week in Spring - August 27th, 2024 - SpringOne 2024 edition

Hi, Spring fans, from the expo hall of SpringOne at VMware Explore 2024! There's a livestream of some of the key talks - register and watch for free now at SpringOne.io. Right now I'm hanging out at the expo hall manning a booth and doing demos to the hordes of people streaming by, but I'll be...

CVSS: 6.3 | AI score: 6.8 | EPSS: 0.00123
Exploits: 0

Spring Security Advisories
added 2024/08/23 12:0 a.m. | 9 views

A Bootiful Podcast: Vaadin developer advocacy legend Marcus Hellberg

Hi, Spring fans! In this installment, I talk to Vaadin developer advocacy legend Marcus Hellberg about the latest-and-greatest in the wide and wonderful world of Spring...

AI score: 7.1
Exploits: 0

Spring Security Advisories
added 2024/08/23 12:0 a.m. | 15 views

Structured logging in Spring Boot 3.4

Logging is a long established part of troubleshooting applications and one of the three pillars of observability, next to metrics and traces. No one likes flying blind in production, and when incidents happen, developers are happy to have log files. Logs are often written out in a human-readable...

AI score: 7
Exploits: 0

Total number of security vulnerabilities: 924