A new zero-day vulnerability in the Spring Core Java framework called 'Spring4Shell' has been publicly disclosed, allowing unauthenticated remote code execution on applications.

Like much in the Java world, what began as an in-the-wild innovation, Spring, has been in part absorbed by standard specification. In this case, JSR-330 is the Java standard.

Spring framework 4.0 will debut Thursday with new features including HTML5/WebSocket, REST, and support for Java 8.

Spring Framework 5.0, featuring a new reactive web framework, was released on September 28, 2017. With this release, Spring 5.0 has its entire codebase based on Java 8 source code level. Spring 5.0 is ...

Spring is a popular framework, and the vulnerability is a reminder of the importance of knowing what your apps depend on, and how those dependencies are used. Costlow added: "While open source code is ...

The Spring Framework originated in 2004 as an alternative to cumbersome and confusing software development frameworks, notably J2EE, that dominated the Java landscape at the turn of the century. The ...