I am using ShaPasswordEncoder with X iterations in my application with Spring Boot version 1.5.10.
Now I am upgrading my Spring Boot version to 2.6.6, for which I have to upgrade the Spring Security version too. In Spring Security version 5.2.1, please suggest how I can match my existing passwords encoded with ShaPasswordEncoder with X iterations.
Related
I am fixing some vulnerabilities in a Java application and we have a critical issue: https://nvd.nist.gov/vuln/detail/cve-2016-1000027. The current version of Spring Boot is 2.7.2, and when we migrate to Spring Boot 3.0.0 the Camel 3 context does not load. Does anyone know if Spring Boot 3 is compatible with any version of Camel 3?
Camel 4 will support Spring Boot 3. Until then, I'd recommend upgrading to the latest Spring Boot 2.7.x release.
I have a Spring Boot project, version 2.7.0.
I use dependency-check and it reports CVE-2022-22976.
Do you know how I can solve it?
The Spring Security version is 5.7.1 while the Spring starter security version is 2.7.0.
It's a false positive that will be automatically suppressed with the upcoming release 7.1.1: https://github.com/jeremylong/DependencyCheck/issues/4563
Currently, the Spring Boot starter for Spring Security is mistaken for Spring Security itself.
Until then you'll need to suppress it manually with something like:
<suppress base="true">
    <notes><![CDATA[
    FP per issue #4563
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-security@.*$</packageUrl>
    <cpe>cpe:/a:vmware:spring_security</cpe>
</suppress>
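A scope check for a rule like the one above, as an added example (not from the original answer or from the DependencyCheck project): it parses the suppression and confirms that it matches only the Boot starter, so findings against the real Spring Security artifacts are still reported. The sample package URLs are constructed, the rule is written with the `@` version separator that package URLs use, and the matching is a simplified model of how `packageUrl` rules are applied.

```python
import re
import xml.etree.ElementTree as ET

# Suppression rule from the answer, wrapped in a root element so it parses alone.
# Assumption: no XML namespace on the elements (real suppression files declare one).
SUPPRESSION_XML = r"""
<suppressions>
  <suppress base="true">
    <notes><![CDATA[FP per issue #4563]]></notes>
    <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-starter-security@.*$</packageUrl>
    <cpe>cpe:/a:vmware:spring_security</cpe>
  </suppress>
</suppressions>
"""

# Constructed package URLs (sample data; versions are the ones in the question).
SAMPLE_PURLS = [
    "pkg:maven/org.springframework.boot/spring-boot-starter-security@2.7.0",
    "pkg:maven/org.springframework.security/spring-security-core@5.7.1",
    "pkg:maven/org.springframework.security/spring-security-crypto@5.7.1",
]

def load_rules(xml_text):
    """Return one (compiled purl matcher, [cpes]) pair per <suppress> element."""
    rules = []
    for node in ET.fromstring(xml_text).iter("suppress"):
        purl = node.find("packageUrl")
        pattern = purl.text.strip()
        if purl.get("regex") != "true":
            pattern = re.escape(pattern)  # literal purl: match it exactly
        cpes = [c.text.strip() for c in node.findall("cpe")]
        rules.append((re.compile(pattern), cpes))
    return rules

def suppressed(purl, rules):
    """CPEs that the rules would suppress for this dependency."""
    hits = []
    for matcher, cpes in rules:
        if matcher.fullmatch(purl):
            hits.extend(cpes)
    return hits

def audit(purls, xml_text=SUPPRESSION_XML):
    """Map each purl to the CPEs suppressed for it (empty list: still reported)."""
    rules = load_rules(xml_text)
    return {p: suppressed(p, rules) for p in purls}

if __name__ == "__main__":
    for purl, cpes in audit(SAMPLE_PURLS).items():
        print(purl, "->", "suppressed: " + ", ".join(cpes) if cpes else "still reported")
```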
There is a vulnerability (https://nvd.nist.gov/vuln/detail/CVE-2021-22047) discovered in spring-data-rest-webmvc which is only fixed in versions 3.4.14 and 3.5.6. Spring Boot 2.3.12 uses the version 3.3.9. Migrating to spring boot 2.4.x or above is not an option for us.
We would like to use spring-data-rest-webmvc:3.4.14, but we are not sure if it's compatible with spring boot 2.3.x.
Can we use them together?
Spring Data Rest version 3.4 and up use Spring Framework version 5.3.x.
Spring Boot 2.3 is built with Spring Framework 5.2.x.
Will it work? Probably, but there are no guarantees that it will keep working or work at all. Most likely it will fail with some NoSuchMethodError or ClassNotFoundException or other exotic exceptions one gets when mixing modules/jars from different versions of a framework.
Currently my application is running in Spring 3.1.0. I have planned to implement Swagger in it. Please advise me which Springfox runs in Spring 3.1.0.
We were starting to build a new web application and thought of using Spring 4.0. We wanted to use Spring Security as well, and I can see that only version 3.2.6 is available for that. Just wanted to check if it is compatible with 4.0 or not?
Yes. Spring Security latest version 3.2.0 is built against Spring 3.2.6, but it is tested against Spring 4.
If you use Maven, you have to resolve its transitive dependencies when using Spring 4 with Spring Security 3.2.
For more information, please see this