Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/apiguardian/apiguardian-api/1.1.2/apiguardian-api-1.1.2.jar MD5: 8c7de3f82037fa4a2e8be2a2f13092af SHA1: a231e0d844d2721b0fa1b238006d15c6ded6842a SHA256:b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile apiguardian-api-1.1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
The AspectJ weaver applies aspects to Java classes. It can be used as a Java agent in order to apply load-time
weaving (LTW) during class-loading and also contains the AspectJ runtime classes.
License:
Eclipse Public License - v 2.0: https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/aspectj/aspectjweaver/1.9.24/aspectjweaver-1.9.24.jar MD5: d95bb9406a5351d45a02145777b9a241 SHA1: 9b5aeb0cea9f958b9c57fb80e62996e95a3e9379 SHA256:75e4227fb7dc5f97c3d4689cd1c2439f4db0bd18cea2fa242c4656cd93c599aa Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile aspectjweaver-1.9.24.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-role-spring@5.0-ALPHA-3
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar MD5: 603bc53c7a294f23765bfb7e1820ad44 SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c SHA256:fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
High quality UI controls and other tools to complement the core JavaFX distribution
License:
The 3-Clause BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/controlsfx/controlsfx/11.0.0/controlsfx-11.0.0.jar MD5: 8476c5f2b8e53057ced89957b5800a41 SHA1: b6d091db1c3323eaa11d7c95b36f7830c4814689 SHA256:7b9373284bdb94bdaf4a47a4c86097ab7e944135170c06e0db0c564e721b5992 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:runtime controlsfx-11.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.jfxtras/jmetro@11.6.14
An abstract description of a simple message bus to be used within an application.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-messagebus/5.0-ALPHA-3/it-tidalwave-messagebus-5.0-ALPHA-3.jar MD5: 6e854cf06e3912f37f2c8b865c835c83 SHA1: a419a06764c44e83364c831fd3615e5d8ce221ab SHA256:2169d03735e48e256d63bc0aada79ee920b7f44b2802fa6fa5784da44733ff76 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile it-tidalwave-messagebus-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
Roles are a powerful way for designing complex behaviours while keeping good practices such as Single Responsibility, Dependency Inversion and
Interface Segregation.
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role/5.0-ALPHA-3/it-tidalwave-role-5.0-ALPHA-3.jar MD5: 317704421a25571fd7ae9cfbf7d35d1e SHA1: 9b2b8ef03139eb1d9033dc06d91e4a274efe3947 SHA256:23dcb4adf1b407e28fe2cac95cb2ccbca8039fc458b3af0d70dff3ab7fa5afdb Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile it-tidalwave-role-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-role-spring/5.0-ALPHA-3/it-tidalwave-role-spring-5.0-ALPHA-3.jar MD5: 9737e3ceb99d03b80dcf28443936b3ff SHA1: eb7266aca452ab5d5ea0692c2e51ceeff840710b SHA256:a7b7f41cef2705c73d779d5812097a2cfedcd7bf4527a39163724af652dd9cc5 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile it-tidalwave-role-spring-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/LocalData/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/checkout/steelblue-src/3.0-ALPHA-5/modules/Core/target/it-tidalwave-ui-core-3.0-ALPHA-5.6e4c1e955e6e.jar MD5: 3909e638181a84d0ab795719921ce22d SHA1: e143957fb507e27bf6df7753e7f4ee4060317b58 SHA256:8c50dc2e9d8310a56ff34829698782a304ed5b1e490f7814e488abf33e7ec81d Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile it-tidalwave-ui-core-3.0-ALPHA-5.6e4c1e955e6e.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/it/tidalwave/thesefoolishthings/it-tidalwave-util/5.0-ALPHA-3/it-tidalwave-util-5.0-ALPHA-3.jar MD5: 388db401372813eb3c5d27cbea6003d5 SHA1: b5ca0cea5f435818fc460cbbc56af6ed461855cc SHA256:504c7f09d642419b9ba45455d088c7f8cea9661200064ced325a24901407118d Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile it-tidalwave-util-5.0-ALPHA-3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar MD5: 7faffaab962918da4cf5ddfd76609dd2 SHA1: 54f928fadec906a99d558536756d171917b9d936 SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile jakarta.annotation-api-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/jakarta/inject/jakarta.inject-api/2.0.1/jakarta.inject-api-2.0.1.jar MD5: 72003bf6efcc8455d414bbd7da86c11c SHA1: 4c28afe1991a941d7702fe1362c365f0a8641d1e SHA256:f7dc98062fccf14126abb751b64fab12c312566e8cbdc8483598bffcea93af7c Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile jakarta.inject-api-2.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1-mac.jar MD5: 94933060e439fba99478e14fcf2d1b02 SHA1: 2b9ca67aea06b0ea7aa0e740498fc97c822b307e SHA256:2d8052a08fd2e5d98e1d5a16d724ea5dd02102879de20a193225f57199803983 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-base-11.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.openjfx/javafx-base@11.0.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-base/11.0.1/javafx-base-11.0.1.jar MD5: b85ce0631dae83fe643fbd32ccd08e4c SHA1: f1354a284f4151d20358e776f6ff68ee35bbb96d SHA256:c5084a74417a89c69a0c122fae96a4b70bf619fc3d6218ea102a4047ec85ad04 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-base-11.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1-mac.jar MD5: f321c782b9bf158a630cb0a7bea73644 SHA1: 0538fd08a4ecd76788766a69c19e90b4cc0179f8 SHA256:148468742e957b765d5ac6d5ba66ce983e1acdf582c191bb35dbfe8cdefdb314 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-controls-11.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.openjfx/javafx-controls@11.0.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-controls/11.0.1/javafx-controls-11.0.1.jar MD5: 2e18fc95e4aa7ce325cefa67b9f61f3d SHA1: 61cf91bf3494d0616216f49c9e1d183d170adf0a SHA256:71be28dc4d80744ba541fc50d933729e8703fe1e642ae92037f6fccc7f961971 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-controls-11.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1-mac.jar MD5: a835057792b4fc1aa7d6c4bea9547add SHA1: 352a51a0f0cb13cf83a081b5dd5526acd4fbab30 SHA256:56f9a32b3a1fc76c761bd40c16917ed1675c8d5dcbe492a44ce9ee2391e27139 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-fxml-11.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.openjfx/javafx-fxml@11.0.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-fxml/11.0.1/javafx-fxml-11.0.1.jar MD5: 6e4c64769d877a47edbdd0023d89a074 SHA1: f290c13d7e984d880c9f114f38c2da949ef18d54 SHA256:546fc449f01cd0bbe51a921f9d3f0e5d8764764480caca4a709e681e7ad0b6cf Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-fxml-11.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-graphics/11.0.1/javafx-graphics-11.0.1.jar MD5: ff0579b2b89bfc26f6eb73f812076a1b SHA1: e062cb01783effc6413abbd94d1838f6b0add209 SHA256:f597c672a4337a75ba856f38cf548c524b039f452423c34b55653e56c306733d Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-graphics-11.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.openjfx/javafx-controls@11.0.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-media/11.0.1/javafx-media-11.0.1-mac.jar MD5: 0fe8c8a554463368c7534af091814066 SHA1: bc699ffbb3f3b7862ad4399e8696809eda796d60 SHA256:8aaacfdf086006100b43a81c1d2e818f58b4dace8037c932fad2b8adb95beee7 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-media-11.0.1-mac.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.openjfx/javafx-web@11.0.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-media/11.0.1/javafx-media-11.0.1.jar MD5: 3c64d2f98b177ba5e63df8f92eeac962 SHA1: fd095047b7d06f6c7b16afe8cf9dffccab5d4494 SHA256:e15b9abf2b4a339a30984d815df62ca91d04fdd77c45401cbdbbb073dfa1d924 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-media-11.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.openjfx/javafx-web@11.0.1
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/openjfx/javafx-web/11.0.1/javafx-web-11.0.1.jar MD5: c7c3e3d5ae36020e1d98eeb176a972a0 SHA1: f9da5b47b8b4ba38933ce31af2089d9f92976785 SHA256:f70eec7835e2ce8c85fdf81ff1266fd8c1c3343d062a59ed2be041331d7518b5 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile javafx-web-11.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/jfxtras/jmetro/11.6.14/jmetro-11.6.14.jar MD5: 2dbdab0d96cf0b0d9d886a5f618b2d21 SHA1: e7a760f00799966e257a4fae37ab13563f461af9 SHA256:d05af705f5fafb1fd2a12131671809796937bef95a94f8913ab25636f3263694 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile jmetro-11.6.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:provided jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/projectlombok/lombok/1.18.38/lombok-1.18.38.jar MD5: 789cacd8d3969e9d23e6e6baec747f70 SHA1: 57f8f5e02e92a30fd21b80cbd426a4172b5f8e29 SHA256:1e1e427c36ff63c44fd30ef292d9e773ea3154460ab6265d3fed7e6f5bc50fb9 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:provided lombok-1.18.38.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/micrometer/micrometer-commons/1.14.5/micrometer-commons-1.14.5.jar MD5: 0be73dc7b0067614939038a5c513e940 SHA1: 6201a40489ccedc9539c5f7a2c84e9e64702bf10 SHA256:e98485ffecb7d8cc9af47cfe627ea8bf3897915dd0f34b3e3a190d6896875b4b Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile micrometer-commons-1.14.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.2.6
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/io/micrometer/micrometer-observation/1.14.5/micrometer-observation-1.14.5.jar MD5: 1cc820f1baf9c84bfc92300f6890c6f5 SHA1: b23dff6bf07a29f67fdae8f3f3f8f1c78fa7b126 SHA256:7cfbf714abdf3779c820ff19712199ac9bae03d2f0e809ba8e74c3663c12128a Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile micrometer-observation-1.14.5.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.2.6
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar MD5: b6480d114a23683498ac3f746f959d2f SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile slf4j-api-2.0.17.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.thesefoolishthings/it-tidalwave-messagebus@5.0-ALPHA-3
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/com/github/spotbugs/spotbugs-annotations/4.9.3/spotbugs-annotations-4.9.3.jar MD5: 6149845e438bd5a34ebaf81f8bc9e243 SHA1: 4d362bffcfdfd734999e94d7d98fde678aae71cf SHA256:13532bfe2f45fcd491432221df72d9cd0efb8f987c9245e12befa192c8925ce3 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:provided spotbugs-annotations-4.9.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-context/6.2.6/spring-context-6.2.6.jar MD5: 026d0114f36db4c411533e2b5bb56999 SHA1: ae08b2ec4a49ab7acb0b5eea7c309363139d54ad SHA256:c0b16aea693b6b8e5350c3f3adbed21b88d9e84ec0d8bb3adea5575e9a515ffb Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile spring-context-6.2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/it.tidalwave.steelblue/it-tidalwave-ui-javafx@3.0-ALPHA-5
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.
Affected Spring Products and Versions
Spring Framework:
* 6.2.0 - 6.2.6
* 6.1.0 - 6.1.19
* 6.0.0 - 6.0.27
* 5.3.0 - 5.3.42
* Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
Affected version(s)Fix Version Availability 6.2.x
6.2.7
OSS6.1.x
6.1.20
OSS6.0.x
6.0.28
Commercial https://enterprise.spring.io/ 5.3.x
5.3.43
Commercial https://enterprise.spring.io/
No further mitigation steps are necessary.
Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.
For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.
Credit
This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-22233 for details
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /Volumes/Users/fritz/Business/Tidalwave/Projects/WorkAreas/Tidalwave/tidalwave.bitbucket.io/repository/org/springframework/spring-core/6.2.6/spring-core-6.2.6.jar MD5: fc1ca03f275ed5b67a6d4a93ddf78482 SHA1: 4639dac5fc46cb6a9f6eb2709decfb90313e0f2c SHA256:77628fba8bb8d059be0fb355a9716fefb808b5c7d9ed9c574a4a264140404352 Referenced In Project/Scope: SteelBlue :: JavaFX Bindings:compile spring-core-6.2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework/spring-context@6.2.6