VMware Tanzu Spring Security: Automatic Protection Arrangement

In VMware Tanzu Spring Security, an important security measure can be taken for automatic security adjustments. Updated Software comes with Sicherheitsleck Stopft.

Anzeige

Spring Security has an Authentication and Zugriff Control Framework configuration like Standard for Spring Fundamentals. in Einer Sicherheitsmitteilung warns Spring-Security-EntwicklerBenefit from Gewissen Umständen in Spring Webflux-Anwendungen, Spring-Security-Autorisierungsregeln auf statistische Ressourcen einsetzen, jene Regeln umgehbar sind (CVE-2024-38821, CVSS) 9.1“Risk”critical“). A Web Flow Anwendung, Spring’s Support for Static Resources, and a “nothing done” – Regel for New Resources.

Spring Security: Verwundbare Versions

Die Sicherheitslücke betrifft Spring Security 5.7.0-5.7.12, 5.8.0-5.8.14, 6.0.0-6.0.12, 6.1.0-6.1.10, 6.2.0-6.2.6, 6.3.0-6.3 .3 no other version, no other version. Versions 5.7.13, 5.8.15, 6.0.13 and 6.1.11 with Enterprise Support. Updated Versions 6.2.7 and 6.3.4 are available with the Open Source Software Release.

In addition to taking and installing existing security measures, Spring Security also brings critical security measures in terms of risks. Andernfalls says Angreifer is a game and likes Schwachstelle zu missbrauchen.

After Sicherheitslücken I use VMware Tanzu Spring Framework. I made a lot of updates and these updates caused Entwickler to lose a lot of things. As long as you don’t have to worry about it, you can’t wait to get it done.

(DMK)