my blog. for you.

Let’s talk digital.

I’m an independent IT consultant and entrepreneur in the Internet and software business. I’m interested in design, enterprise applications, web apps and SaaS products. I design and develop business solutions and applications. I help companies in terms of software quality and knowledge transfer, e.g. with Angular and Spring Boot.

Spring Boot Tip: HTTP Request Logging with CommonsRequestLoggingFilter

Martin Hock recently published this tip on how to enable HTTP "request logging using CommonsRequestLoggingFilter to capture detailed information about incoming requests":

🚀 Advanced Spring Tip 🚀
HTTP Request Logging with CommonsRequestLoggingFilter
Enable request logging using CommonsRequestLoggingFilter to capture detailed information about incoming requests. 🔥
https://t.co/Sb1QyJ4GY6 #SpringTip #Java
— Martin Hock (@mnhocktweets) December 14, 2023

Spring Framework RCE Vulnerability With War File Deployments on Tomcat

Yesterday, an RCE vulnerability in the Spring Framework was announced:

Spring Framework RCE, Early Announcement

CVE-2022-22965: Spring Framework RCE via Data Binding on JDK 9+

While, as of now, only WAR deployments of Spring Boot applications running under Apache Tomcat seem to be affected, it is still recommended to upgrade to Spring Boot 2.6.6 as soon as possible, even for Spring-based applications deployed as a JAR, because "the vulnerability is more general, and there may be other ways to exploit it that have ...

The Recent Log4j2 Vulnerability and How to Address it in Spring Boot Applications

By now, you will probably have heard about the Log4Shell 0-day exploit in Log4j 2. Since this is relevant to every Java developer and potentially every Java application, and hence by extension every Spring Boot application out there, I'd like to address this issue and how to mitigate it in Spring Boot applications. When using the default settings without any other dependencies, Spring Boot applications in general won't be vulnerable because Spring Boot uses Logback in its starter dependencies. However, if your ...

Article Suggestion: “Provide Contextual Information in Log Messages”

Software developer Tom Hombergs recently wrote an article about making log statements more useful by providing context in order to make it easier for a developer who uses your libraries or builds upon your code to find out what the actual cause of an error is. The blog post contains many pertinent examples of both good and bad log output. Seemingly trivial improvements such as making your log output more helpful and explicit can make a huge difference and save a lot of ...