Safeguard
Tag

spring-boot

Safeguard articles tagged "spring-boot" — guides, analysis, and best practices for software supply chain and application security.

9 articles

Application Security

Preventing mass assignment in Spring MVC and Spring Boot

CWE-915 mass assignment lets one extra JSON field turn a profile update into a privilege escalation — here's how DTOs beat @JsonIgnore in Spring.

Jul 14, 20266 min read
Application Security

Java DTOs for secure data handling

A single @RequestBody bound to a JPA entity can let attackers set fields like isAdmin — DTOs close that gap by design, not by discipline.

Jul 12, 20266 min read
Container Security

Using jlink to Build Minimal, Lower-Attack-Surface Java Docker Images

jlink has shipped with every JDK since Java 9 in 2017, yet most Spring Boot images still ship a full 300MB+ JDK. Here's how to fix that.

Jul 8, 20266 min read
Application Security

Robust input validation in Spring Boot: Bean Validation and its bypasses

Bean Validation (JSR-380) looks like a solved problem in Spring Boot, but nested DTOs, list elements, and unannotated service methods routinely skip validation silently.

Jul 8, 20266 min read
Application Security

The most common Spring Boot security misconfigurations, and how to fix them

CVE-2026-40976 let anonymous users hit /actuator/env and /actuator/heapdump on default Spring Boot 4 filter chains, CVSS 9.1 — here's how to actually harden Spring Boot.

Jul 8, 20266 min read
Application Security

Thymeleaf SSTI risk patterns: how a tab character bypassed a Java template sandbox

CVE-2026-40478 shows how a single tab character bypassed Thymeleaf's expression sandbox, turning misused templates into remote code execution.

Jul 8, 20266 min read
Security Guides

Spring Boot Security Best Practices: Hardening the Defaults

Spring Boot's convenience defaults can quietly widen your attack surface. Here's how to harden actuators, dependencies, and auto-configuration for 2026.

Jul 1, 20265 min read
Open Source Security

Spring Dependency Management Supply Chain

Spring Boot's dependency management is the unsung hero of the Java ecosystem, and it is also a supply chain seam worth understanding. Here is how BOMs, starters, and transitive version coercion shape what actually ships.

Apr 30, 20247 min read
Application Security

Spring Boot Security and Dependency Management

Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.

Sep 20, 20234 min read
spring-boot — Safeguard Blog