Blog (page 2)

Common Maven fixes for transitive CVEs

CVE-2021-29425 - commons-io vulnerability fix: Apache commons-io versions 2.6 or below contain a vulnerability in the FileNameUtils class that opens an application up to directory traversal attacks. Paths containing ../ will not be normalized, resulting in a path being passed that could cause the application to access files unintended by the developer. Older versions of …

Forwarded Headers Example in Spring

When configuring one or more Spring Boot applications behind a NetScaler, load balancer, or reverse proxy, it is possible that the URIs presented at the browser level do not align with those which are being referenced within Spring. In such a configuration, it is helpful to have the external URL. Take for example a situation …

Spring Milestone and Snapshot Maven Repositories

If you want to access milestone releases, snapshots, nightly builds, and release candidates, you will need some extra configuration in your pom.xml file, as these aren’t usually published to Maven Central. You can access these by adding the following to the main block of your pom.xml file: Adding snapshot versions of Spring dependencies is as easy …

IntelliJ Spring Boot Starter Not Found Error

I frequently encounter what I suspect is a Maven issue within IntelliJ when attempting to change the version of a Spring Boot Starter Parent. It also sometimes happens upon the initial addition of any Maven parent dependencies into a project’s pom.xml file. This usually results in the following error within IntelliJ’s Problems tab: …

Git BFG Examples for Removal of Secrets

Sometimes you may commit a file or accidentally push data to a remote which contains sensitive information. Passwords, private keys, personal information, etc. can be easily removed from Git and the repository history using the BFG repo cleaner utility. The following steps outline how to remove any sensitive information from your repository as well as …

Spring Cloud Function Example for AWS Lambdas

The Spring Cloud Function library combined with Spring Boot is an excellent way to create an application framework which can run quickly and easily within an AWS Lambda. This article will guide you on how to create a Spring Cloud Function and deploy this application within an Amazon AWS Lambda function. Getting Started with Spring Cloud …

SpringBootRequestHandler is now Deprecated

Prior to version 3 of Spring Cloud, an application had to extend the SpringBootRequestHandler which provided a number of different request handler methods which could be overridden to define how your application functioned when invoked in a lambda-like context. For example, here is what your codebase would have looked like prior to Spring Cloud version …