• RHEL 10 Overview: Features, Updates, and Derivatives Comparison

    Find out what's new in RHEL 10 and get a comparison of RHEL derivatives like AlmaLinux 10 and Rocky Linux 10 to determine if RHEL is still worth the cost.

  • Should You Pay For Middleware Tools?

    With the wide variety of open source middleware technologies available, is there any reason teams should still be paying for middleware tools?

  • CVE-2025-22235

    NVD Listing: NVD - CVE-2025-22235

    EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: * You use Spring Security * EndpointRequest.to() has been used in a Spring Security chain configuration * The endpoint which EndpointRequest references is disabled or not exposed via web * Your application handles requests to /null and this path needs protection You are not affected if any of the following is true: * You don't use Spring Security * You don't use EndpointRequest.to() * The endpoint which EndpointRequest.to() refers to is enabled and is exposed * Your application does not handle requests to /null or this path does not need protection

    CVE-2025-22235
    Spring Boot
    2.7.20-OL
    spring-boot-actuator
    7.3

  • CVE-2024-38807

    NVD Listing: NVD - CVE-2024-38807

    Applications that use spring-boot-loader or spring-boot-loader-classic and contain custom code that performs signature verification of nested jar files may be vulnerable to signature forgery where content that appears to have been signed by one signer has, in fact, been signed by another.

    CVE-2024-38807
    Spring Boot
    2.7.21-OL
    spring-boot-loader
    6.3