-
Spring Boot creates by default some random credentials. As `omniscient` uses OAuth2, there's no need for that.
-
```
What steps will reproduce the problem?
1. m-s-m master branch with Spring Security
2. Re-using the session id after log-in causes a redirect to login page after
login. Possibly some kind of race …
```
-
When using the `org.openrewrite.java.security:OwaspTopTen` recipe, it calls the `org.openrewrite.java.security.spring.CsrfProtection` recipe that uses the deprecated `WebSecurityConfigurerAdapter` Spring class.
Wh…
-
## CVE-2023-20863 - Medium Severity Vulnerability
Vulnerable Library - spring-expression-5.3.21.jar
Spring Expression Language (SpEL)
Library home page: https://spring.io/projects/spring-framework
P…
-
## CVE-2021-22096 - Medium Severity Vulnerability
Vulnerable Libraries - spring-web-5.2.0.M2.jar, spring-webmvc-5.2.0.M2.jar, spring-core-5.2.0.M2.jar
spring-web-5.2.0.M2.jar
Spring Web
Library ho…
-
There are currently issues with running Spring Framework with the security manager enabled. This issue is to investigate the issues and determine if we should fix them.
-
Details need to be filled in for this issue. At a high level there is evidence that Spring Security uses tokens that are not compliant with JWT security tokens and this causes issues if a Spring appl…
-
At DefaultStateMachineExecutor.java:232 you are catching Exception (AccessDeniedException), so SMListener is never notified about error (?). Is there any other way of knowing about security error?
-
WDYT? Is this publication in scope?
```
@inbook{Chari_2003,
author = {Chari, Suresh and Rao, Josyula R. and Rohatgi, Pankaj},
booktitle = {Cryptographic Hardware and Embedded Systems - CHES 2002},
…
```
-
Checkmarx is warning about several vulnerable dependencies, including
spring-boot-starter-web
spring-boot-starter-test
junit-jupiter.
Investigate whether updates are available.