Just watched @gregturn video about #maven (below)

I recently got excited by #gradle (https://github.com/dashaun/dev.dashaun.service.gateway)

I switched back to #maven for new projects, since then, for 2 reasons:

1. ‘mvnd’ provides speed boost for inner-loop development

2. The #maven pom.xml has a #schema that makes programmatic modifications possible and consistent. I have a #SpringShell based CLI that I use to modify the pom.xml.

https://youtu.be/jwrOoYd2eZs

I'm adding a #spring for #graphql component to my #springshell project so I can interact with https://api.hashnode.com

I have a little #springshell project to publish some of my #hugo articles, from my #github repository, to other platforms like dev.to

Who else is ready to take #springshell 3.0.0-SNAPSHOT to production?

https://dev.to/dashaun/k3s-knative-ubuntu-raspberry-pi-45i0

Spring Boot 3.0 is done, and all other projects arrived in time. But wait, not all. Again, we're waiting for Spring Shell to be finished. How sad.
#springboot #springshell

#3GoodThings

🍀 Got lots of work done
🍀 Was able to play around with #SpringShell and #SpringModulith
🍀 Made pancaces 🥞

@gossithedog same for me and #Spring4Shell or #SpringShell. My team did a bunch of work (including teaching devs how to do dependency checks 🙄​) and all I did was send emails twice a day after a 15 minute meeting!

SpringShell vulnerability detailed explanation https://unit42.paloaltonetworks.com/cve-2022-22965-springshell/ #SpringShell #spring #vulnerability #security

RT @JFrogSecurity
We've just published an OSS tool that searches compiled code (JAR/WAR binaries) for web apps potentially vulnerable to #SpringShell. Feedback is welcome!

https://github.com/jfrog/jfrog-spring-tools

#Springshell: un nuevo 0-day que golpea el core de Spring #0_day #amenazas #java #seguridad_web #vulnerabilidades https://www.hackplayers.com/2022/03/springshell-rce-core-spring.html

RT @Laughing_Mantis
There appears to be a yet another critical deserialization RCE flaw this time in Java Spring Core that has the potential to be weaponized rather easily.

This is *NOT* CVE-2022-22963 (Thanks for the correction @DennisF )

#SpringShell #Spring4Shell

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html?m=1

RT @Laughing_Mantis
There appears to be a yet another critical deserialization RCE flaw this time in Java Spring Core that has the potential to be weaponized rather easily.

This is *NOT* CVE-2022-22963 (Thanks for the correction @DennisF )

#SpringShell #Spring4Shell

https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html?m=1

The original tweet about the alleged #SpringShell RCE (from now deleted @80vul / #KnownSec):

"[latest warning] Spring core RCE (JDK >=9)"