JPA supports eager and lazy fetch of child entities. If you’re not careful with the lazy fetch strategy it can result in excessive queries as… The post JPA native queries with eager fetch a...
https://www.dontpanicblog.co.uk/2024/03/27/jpa-native-queries-with-eager-fetch-and-sqlresultmapping/
CVE-2023-34034 is another authorization bypass in Spring Security. Like CVE-2022-31692 it’s nasty because it allows completely unrestricted access to supposedly protected resources. Also like C...
https://www.dontpanicblog.co.uk/2023/12/09/cve-2023-34034-spring-security-authorization-bypass/
CVE-2022-31692 is a vulnerability in Spring Security that allows authorization bypass when running with specific configurations. The good news is that only very specific configurations… The p...
https://www.dontpanicblog.co.uk/2023/11/20/cve-2022-31692-spring-security-authorization-bypass/
When an application loads classes using multiple ClassLoaders, unexpected behaviours can arise. For example, consider a class loaded by two different classloaders: Result is: All… The post Cl...
https://www.dontpanicblog.co.uk/2023/06/01/classes-in-multiple-classloaders/
If you're invoking external processes it is vitally important to handle the standard out and standard error streams. Otherwise, the parent process may block - it gets stuck without throwing an Ex...
https://www.dontpanicblog.co.uk/2023/05/07/handling-blocked-process-output-stream/
How do you delete a directory in Java? java.io.File defines a method delete() that deletes a file or directory. If only it were that simple. The post Delete a directory in Java appeared first on D...
https://www.dontpanicblog.co.uk/2023/04/13/delete-a-directory-in-java/
CVE-2022-42889 Text4Shell is a vulnerability in the Apache Commons Text library. Like previous brand-name vulnerabilities Log4Shell and Spring4Shell, it’s a Remote Code Execution (RCE) vulnerab...
https://www.dontpanicblog.co.uk/2023/03/11/cve-2022-42889-text4shell/
Here’s a silly gotcha in the Java language. I’ve got a method that parses a String to an int and returns a default value if… The post parseLong vs parseDouble appeared first on Don't Pan...
https://www.dontpanicblog.co.uk/2023/02/21/parselong-vs-parsedouble/
Using JUnit for testing System.exit() calls from application code can be tricky. This is because System.exit() terminates the JVM running it. If you're running JUnit, this is the JUnit runner. If...
https://www.dontpanicblog.co.uk/2022/10/30/testing-system-exit/
Redis has some excellent documentation on time complexity of operations on the various data structures. However, it's harder to find information on memory performance of Redis data structures. In...
https://www.dontpanicblog.co.uk/2022/08/21/memory-performance-of-redis-data-structures/