Chelsie Towne

1592468059

This Week in Spring - June 16th, 2020

I’ve got a few upcoming speaking engagements you might be interested in. I’ll be speaking (virtually) at the San Francisco JUG on June 24th at 6:30 PM. Join me!

Can’t make it to the (virtual) SF JUG appearance? On June 30th, VMware Tanzu (where the Spring team lives) will be hosting one of my workshops, also on Reactive Spring. I’m going to cover tons of stuff: R2DBC, Reactor, Spring WebFlux, Spring WebFn, reactive Spring Data for SQL and NoSQL, RSocket, reactive security, reactive service orchestration, and composition patterns, and more. This is going to be at an ideal time for EU timezones, so please register now.

I’ll be presenting about Bootiful Testing for the upcoming JetBrains Technology Day for Java on July 10th, 2020 at 10 am-11 am CEST.

I’ll also be doing an upcoming webinar on Wavefront-powered observability with Tanzu Wavefront team member Sushant Dewan on June 24th at 10:00 AM PST. You don’t want to miss this!

#spring

Brain Crist

1594753020

Citrix Bugs Allow Unauthenticated Code Injection, Data Theft

Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Attacks on the management interface of the products could result in system compromise by an unauthenticated user on the management network; or system compromise through cross-site scripting (XSS). Attackers could also create a download link for the device which, if downloaded and then executed by an unauthenticated user on the management network, could result in the compromise of a local computer.

“Customers who have configured their systems in accordance with Citrix recommendations [i.e., to have this interface separated from the network and protected by a firewall] have significantly reduced their risk from attacks to the management interface,” according to the vendor.

Threat actors could also mount attacks on Virtual IPs (VIPs). VIPs, among other things, are used to provide users with a unique IP address for communicating with network resources for applications that do not allow multiple connections or users from the same IP address.

The VIP attacks include denial of service against either the Gateway or Authentication virtual servers by an unauthenticated user; or remote port scanning of the internal network by an authenticated Citrix Gateway user.

“Attackers can only discern whether a TLS connection is possible with the port and cannot communicate further with the end devices,” according to the critical Citrix advisory. “Customers who have not enabled either the Gateway or Authentication virtual servers are not at risk from attacks that are applicable to those servers. Other virtual servers e.g. load balancing and content switching virtual servers are not affected by these issues.”

A final vulnerability has been found in Citrix Gateway Plug-in for Linux that would allow a local logged-on user of a Linux system with that plug-in installed to elevate their privileges to an administrator account on that computer, the company said.

#vulnerabilities #adc #citrix #code injection #critical advisory #cve-2020-8187 #cve-2020-8190 #cve-2020-8191 #cve-2020-8193 #cve-2020-8194 #cve-2020-8195 #cve-2020-8196 #cve-2020-8197 #cve-2020-8198 #cve-2020-8199 #denial of service #gateway #information disclosure #patches #security advisory #security bugs

Were Joyce

1620720872

Spring vs Spring Boot: Difference Between Spring and Spring Boot

As an extension of the Spring Framework, Spring Boot is widely used to make development on Spring faster, more efficient and convenient. In this article, we will look at some of the parameters where using Spring Boot can drastically reduce the time and effort required in application development.

What is Spring?

Spring Boot

Difference between Spring and Spring Boot

Advantages of Spring Boot over Spring

Conclusion

#full stack development #spring #spring and spring boot #spring boot

Were Joyce

1623559620

Spring Native turns Spring apps into native executables

Spring Native beta release leverages GraalVM to compile Spring Java and Kotlin applications to native images, reducing startup time and memory overhead compared to the JVM.

Spring Native, for compiling Spring Java applications to standalone executables called native images, is now available as a beta release. Native images promise faster startup times and lower runtime memory overhead compared to the JVM.

Launched March 11 and available on start.spring.io, the Spring Native beta compiles Spring applications to native images using the GraalVM multi-language runtime. These standalone executables offer benefits including nearly instant startup (typically fewer than 100ms), instant peak performance, and lower memory consumption, at the cost of longer build times and fewer runtime optimizations than the JVM.

#spring native turns spring apps into native executables #spring native #spring #native executables #spring apps

Sigrid Farrell

1623821400

Spring Data 2020.0 - New and Noteworthy in Spring Data for Apache Cassandra 3.1

Spring Data 2020.0.0 ships with Spring Data for Apache Cassandra 3.1. This release ships with numerous enhancements that refine existing functionality and introduce support for selected Cassandra 4 features:

  • Reactive auditing
  • Reactive SpEL support in @Query query methods.
  • Configuration of the keyspace per Statement through CqlTemplate and QueryOptions.
  • Revised CqlOperations with new queryForStream(…) methods returning a Stream with transparent pagination.
  • DataClassRowMapper to map Cassandra results to data classes via constructor creation/bean properties

#spring #spring data 2020.0 #apache cassandra 3.1 #spring data

Were Joyce

1623424020

Spring Framework Tutorial

What is the Spring Framework in Java?

The Spring Framework is one of the most versatile frameworks in Java and is used to bring down the complexity of developing enterprise-grade applications. The first production release of the Spring Framework was in March 2004, and since then this robust, open-source framework has gained tremendous popularity, so much so that developers all around the world often refer to it as the “framework of frameworks”. Spring is a loosely coupled, open-source application framework for Java. It is a lightweight inversion of control container for the Java platform. A large number of Java applications use the core features of the Spring Framework. In addition, extensions have been developed that allow developers to build web applications on top of the Java Enterprise Edition platform.

#spring #spring-framework #java #spring framework tutorial #why should one learn about the spring framework? #what is the spring framework in java?