OpenLogic SLA-backed open source database support and services helps teams realize the benefits of open source database software without the risks.
The migration path to Bootstrap 5 is difficult due to several major changes introduced and basically requires a full rewrite. Get help planning your migration to Bootstrap 5 in this blog
OL CVE Issue Summary:
An issue was discovered in `WEBrick`, a simple HTTP server bundled with `Ruby`, where it had not checked the `Transfer-Encoding` header value rigorously. An attacker may potentially exploit this issue to bypass a `reverse proxy` (which also has a poor header check), which may cause an `HTTP Request Smuggling attack`.
OL CVE Issue Summary:
Fixed a race condition in the DefaultServlet, where concurrent GET and PUT/DELETE requests for the same resource could result in inconsistent file metadata. Under specific misconfigurations, this inconsistency could allow a resource to be accessed during upload or deletion. The fix ensures resource metadata remains consistent across concurrent read and write operations.
OL CVE Issue Summary:
Denial-of-Service via TLS handshake: This fix supports TLS 1.3 client-initiated re-keying and imposes internal handshake queue limits, closing a path where a malicious TLS handshake could trigger an uncontrolled memory allocation and lead to an OutOfMemoryError.
OL CVE Issue Summary:
Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
OL CVE Issue Summary:
Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
OL CVE Issue Summary:
Apache Kafka Client: Arbitrary file read and SSRF vulnerability
See how OpenLogic supports Spring Boot and the Spring Framework.
