Two new (and unrelated) vulnerabilities, CVE-2022-22965 and CVE-2022-22963, have been published at the same time, creating confusion and headaches for everyone trying to remediate them.
It is important to understand that these two vulnerabilities are not related. They affect different libraries and require different vectors of attack.
What exactly are these vulnerabilities?
CVE-2022-22965 - identifies the ability …
Last updated: December 20, 2021
The following is a workaround to patch the CVE-2021-44228 Remote Code Execution (RCE) vulnerability in Amazon AWS’s EMR service using bootstrap scripts provided by the AWS team. These remediation steps are also applicable to CVE-2021-45046.
A short note on CVE-2021-44228
This vulnerability affects Log4j2 versions 2.15 …
The following examples use Apache’s Commons Codec library, which is available on Maven Central through the following dependency in your pom.xml file.
Reading and Writing a Base64 String Example
The following code will allow you to read or decode a Base64 encoded String in Java. This is useful for data that is short or limited in …
By default, Netty versions 4 and lower are configured with host verification disabled. While this is helpful when debugging or developing an application, it can become a security issue if carried into production.
There are a number of steps involved in certificate verification; one of these is to compare the hostname of the client or …
Spring’s JdbcAggregateTemplate gives you more granular control over the operations that are being performed on your database. JdbcAggregateTemplate exposes operations that are used by Spring Repositories internally, allowing you to invoke database operations that would not otherwise be available using a standard JDBC Repository.
This template can be useful for situations when you want to …
When using Spring JDBC, there are a number of callbacks available to the developer that can be used to intercept various lifecycle stages of entities within the scope of JDBC. BeforeSaveCallback is used in Spring after an insert or update operation but before the actual database operation has occurred. This gives you the opportunity to check …
As part of the Spring 5.0 release, a large number of the Asynchronous HTTP classes have been deprecated in favor of Spring’s new reactive ClientRequest and WebClient classes. Here is a before-and-after showing how you can update your RestTemplate code to the latest non-deprecated way of performing API calls in Spring.
Deprecated AsyncRestTemplate Example
Here …