Signature Forgery Vulnerability in Spring Boot's Loader

Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another...

Spring AI with NVIDIA LLM API

Spring AI now supports NVIDIA's Large Language Model API, offering integration with a wide range of models. By leveraging NVIDIA's OpenAI-compatible API, Spring AI allows developers to use NVIDIA's LLMs through the familiar Spring AI API. We'll explore how to configure and use the Spring AI OpenA...

This Week in Spring - August 20th, 2024

Hi, Spring fans! Welcome to another installment in This Week in Spring! And happy week-before-SpringOne! I'm so excited I could spit! As you might imagine, AI, cloud native architecture, and so much more are top-of-mind. I love AI, and all its many applications. In that spirit, let's get ChatGPT ...

Missing Authorization When Using @AuthorizeReturnObject

Applications using @AuthorizeReturnObject or the Spring Security produced AuthorizationAdvisorProxyFactory @Bean to wrap objects may not have all security advice applied. When method security advice is not applied, it means that annotations like @PreFilter and @PreAuthorize may take no affect on...

A Bootiful Podcast: Gradle and Develocity engineer and Spring community legend Eric Haag

Hi, Spring fans! In this episode I talk to Gradle and Develocity engineer and Spring community legend Eric Haag...

Spring Expression DoS Vulnerability

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language SpEL expression that may cause a denial of service DoS condition. Specifically, an application is vulnerable when the following is true:...

Spring Framework DoS via conditional HTTP request

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack...

This Week in Spring - August 13th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's Tuesday and work is well underway to prepare for the huge SpringOne event in Las Vegas in just a few short week's time! I'm elated! So, let's get this roundup on the road so I can get back to the preparation frenzy...

Spring AI Embraces OpenAI's Structured Outputs: Enhancing JSON Response Reliability

OpenAI recently introduced a powerful feature called Structured Outputs, which ensures that AI-generated responses adhere strictly to a predefined JSON schema. This feature significantly improves the reliability and usability of AI-generated content in real-world applications. Today, we're excite...

A Bootiful Podcast: Spring Cloud Dataflow, Spring Cloud Task, and Spring Batch legend Glenn Renfro

Hi, Spring fans! In this installment, I talk to Spring Cloud Dataflow, Spring Cloud Task, and Spring Batch legend Glenn Renfro...

Spring Tips: HTMX

Hi, Spring fans! HTMX is the progressive hypertext sensation that's sweeping the process of web app creation, and - thanks to a nice integration by Spring community legend Wim Deblauwe, it's easier than ever to use it with Spring Boot and Thymeleaf. And, it's the topic of today's installment! jav...

This Week in Spring - August 6th, 2024

It's August! Egads, has that come quickly! AUGUST. The eigth month of the year, and we're almost done with the first week, in fact! It's not that I'm not grateful to be here, but, yah, wow that was quick. And, of course, the month of my all time double dutch favorite conference, SpringOne,...

A Bootiful Podcast: Observability legend Jonatan Ivanov on the latest and greatest in Micrometer

Hi, Spring fans! In this installment we talk to observability legend Jonatan Ivanov about the latest and greatest in the wide and wonderful world of observability. Turns out a library that's used by countless projects including and beyond the Spring ecosystem keeps quite busy!...

Spring AI with Groq - a blazingly fast AI inference engine

Faster information processing not only informs - it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with support for Tool/Function calling...

Spring Tips: Spring Security method security with special guest Rob Winch

Hi, Spring fans! In this installment I have special guest Spring Security lead Rob Winch give us a master class in how the method security support works and some of its new features. Come for the security, stay for the incredible opportunity to look over a senior engineer's shoulders as he explai...

This Week in Spring - July 29th, 2024

Hi Spring fans! Welcome to another installment of This Week in Spring! It's July 29th, 2024! I can hardly believe it! We're less than a month away from SpringOne 2024! Have you registered for either in-person attendance or the free livestreams yet? As always, we've got a ton of stuff to cover so...

Spring AI with Ollama Tool Support

Earlier this week, Ollama introduced an exciting new feature: tool support for Large Language Models LLMs. Today, we're thrilled to announce that Spring AI 1.0.0-SNAPSHOT has fully embraced this powerful feature, bringing Ollama's function calling capabilities to the Spring ecosystem. Ollama's to...

A Bootiful Podcast: Cloud Legend Mark Fynes

Hi, Spring fans! In this installment I talk to Mark Fynes. Mark’s a field principal with Tanzu at Broadcom, building platforms with our Pivotal/VMWare/Broadcom customers for the past 10 years. Passionate technologist, working closely with developers, architects, IT-operations, security architectu...

This Week in Spring - July 23rd, 2024

Hi, Spring fans! It's such an exciting time to be alive! I hope you're doing well. It's nearly the end of July, already! Time is flying and as always the community has not disappointed with their incredible content. Let's dive right into it! have you registered for SpringOne 2024 yet? I love this...

A Bootiful Podcast: Digital Accessibility Architect, Java and Groovy legend, Scott Davis

Hi, Spring fans! In this episode I talk to Java ecosystem legend Scott Davis...

Spring Tips: Proxies

Hi, Spring fans! In this installment we look at the use of JDK and CGLIB-based proxies in Spring, and demystify their application Java SpringBoot SpringFramework Architecture DesignPatterns oop...

This Week in Spring - July 16th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the middle of July! I can't believe it! Things have been just rushing by! did you see this awesome talk on observability by Tommy Ludwig and Jonatan Ivanov from Spring IO 2024? What is a ReadWriteLock? Spring for GraphQL...

A Bootiful Podcast: Cloud Native Cora Iberkleid on architecture, Spring Modulith, and more

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In today’s episode, I talk to cloud native Cora Iberkleid about the awesome modular sensation that’s sweeping applications, Spring Modulith!...

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

Spring AI - Groq AI inference

Faster information processing not only inform—it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with supports for Tool/Function calling. Because...

A Bootiful Podcast: JobRunr creator Ronald Dehuysser

Hi, Spring fans! Happy 4th of July, if you celeberate! In this installment of A Bootiful Podcast, I talk to JobRunr.io creator Ronald Dehuysser, recorded live from the amazing Spring IO 2024 show in beautiful Barcelona, Spain!...

Spring Tips: Testcontainers, Docker Compose, and Service Connections, oh my

Hi, Spring fans! In this installment, we look at the amazing service connection mechanism in Spring Boot. Service connections are what allow Spring Boot to connect to Testcontainers or Docker Compose containers for supporting infrastructure like SQL databases, middleare, and more. java...

This Week in Spring - July 2nd, 2024

Hi, spring fans! Welcome to another amazing installment of This Week in Spring! In last week's installment of A Bootiful Podcast, recorded a few weeks ago at Spring IO, I talked with Spring Security legend Laur Spilca In last week's installment of Spring Tips, I looked at a number of ways you cou...

A Bootiful Podcast: Spring Security community legend Laur Spilca

Hi, Spring fans! In this installment I talk to Spring Security community legend Laur Spilca, live from the Spring I/O show in beautiful Barcelona!...

Spring Tips: Go Further, Faster with Spring Boot 3.3 (UPDATED)

NB: I had an error in the AppCDS demo in the older video. This video supercedes that video, with a re-recorded segment on AppCDS. Make sure you're watching the latest of these two similarly titled videos! Hi, Spring fans! In this installment we look at ways to make your applications go further,...

This Week in Spring - June 25th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I'm in beautiful Amsterdam, having visited with customers and spoken at a local Java User Group. Now I'm off to lovely London, UK. Last week I was in Krakow, Poland, for the amazing Devoxx PL event, and in Par...

Spring Tips: Further, Faster with Spring Boot 3.3

Hi, Spring fans! In this installment we look at ways to make your applications go further, faster, with AppCDS, GraalVM, AOT on the JRE, and Project CRaC coordinate restore at checkpoint springboot java graalvm programming coding...

A Bootiful Podcast: Thomas Vitale, author of Cloud Native Spring in Action

Hi, Spring fans! In today's episode I'm thrilled to sit down with my friend and Cloud Native Spring in Action author Thomas Vitale. This episode was recorded live at the amazing Spring IO 2024 event...

Spring Cloud Function Web DOS Vulnerability

Description In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is...

This Week in Spring - June 18th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've just come from Paris, France, and now I'm in equally beautiful Krakow, Poland, for the amazing Devoxx PL event. We've got a ton of good stuff to dive into, so let's get going! In last week's installment of Spring Tips, I...

Spring Tips: Introducing Spring Modulith

Hi, Spring fans! In this installment we look at the amazing Spring Modulith project. It's goal is to help you better structure your codebase for architectural scalability. It's an amazing and refreshing approach to building applications. Think of it like a chance to pair program on the architectu...

A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google

Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and Google...

This Week in Spring - June 11th, 2024

This Week in Spring - June 10th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Paris, France, to talk to organizations using and working with Spring. Then, next week, it's off to Krakow, Poland, for the amazing Devoxx PL event! I can't wait. If you're around,...

A Bootiful Podcast: Jetbrains Developer Advocate Pasha Finkelshteyn

Hi, Spring fans! In this week's installment I talk to Jetbrains' Developer Advocate Pasha Finkelshteyn...

Spring Tips: Spring AI Redux

Hi, Spring fans! In this installment, brought to you with permission from the amazing Spring I/O 2024 conference event in Barcelona, Spain, I join Spring AI engineer Christian Tzolov for a keynote introducing some of the amazing new features in Spring AI. artificialintelligence ai springboot java...

This Week in Spring - June 4th, 2024

Hi, Spring fans, from London! I'm in this fabulous country doing my level-headed best to refrain from dooing Mr. Bean bits, because, honestly, if I - an avid and prolific fan of Spring and its many beans - can't be "Mr. Bean," then I'm glad Rowan Atkinson is! I'm here for a SpringOne Tour event,...

A Bootiful Podcast: Microsoft's Sandra Ahlgrimm on cloud, Java, AI, and more

Hi, Spring fans, from the amazing Spring IO conference in Barcelona, Spain! In this interview I talked to Microsoft's Sandra Ahlgrimm on all things cloud, Java, AI, and more. Also, a special and quick discussion with Spring IO founder Sergi Almar, who was last on the show in, I think, 2020!...

This Week in Spring - May 27th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it will be! I'm in Venice, Italy, on a little vacation, but tomorrow I begin a quick journey to beautiful Sofia, Bulgaria, where I'll be speaking at the amazing JPrime software show it's my first time speaking...

SBOM support in Spring Boot 3.3

Spring Boot 3.3.0 has been released, and it contains support for SBOMs. SBOM stands for "Software Bill of Materials" and describes the components used to build a software artifact. In the context of this blog post, that's your Spring Boot application. These SBOMs are useful because they describe...

A Bootiful Podcast: Tagir Valeev, Fellow Java Champion and IntelliJ IDEA Java legend

Hi, Spring fans! In today's installment we talk to Tagir Valeev, a fellow Java Champion and IntelliJ IDEA Java legend. Also: don't forget to try out the just-released Spring Boot 3.3 release!...

Arbitrary File Write Vulnerability in Spring Cloud Data Flow

Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api...

Deploy and Scale Spring Batch in the Cloud – with Adaptive Cost Control

May 21, 2024, at 9 AM PST You can now use Azure Spring Apps to effectively run Spring Batch applications with adaptive cost control. You only pay when batch jobs are running, and you can simply lift and shift your Spring Batch jobs with no code change. Spring Batch is a framework for processing...

This Week in Spring - May 21st, 2024

Welcome to another installment of This Week in Spring! It's been yet another amazing and exciting week and with it a bevy of new releases. And of course, in about a week's time, we will find ourselves at Spring IO, ready to show a lot of these new things. Will you be there? I will! Anyway, let's...

A Bootiful Podcast: Oleg Šelajev, Docker and Testcontainers legend

Hi, Spring and Testcontainers fans! In this interview, I talk to Oleg Šelajev...

This Week in Spring - May 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output suppo...