Improve diagnostics in SpEL for large array creation #28145

Closed
sbrannen opened this issue Mar 8, 2022 · 3 comments

sbrannen (Member) commented Mar 8, 2022

Attempting to create a large array in a SpEL expression can result in an OutOfMemoryError. Although the JVM recovers from that, we should throw an exception with a meaningful error message in order to improve diagnostics for the user.

@sbrannen sbrannen added in: core Issues in core modules (aop, beans, core, context, expression) type: enhancement A general enhancement labels Mar 8, 2022
@sbrannen sbrannen added this to the 5.3.17 milestone Mar 8, 2022
@sbrannen sbrannen self-assigned this Mar 8, 2022
@artem-smotrakov

Hi @sbrannen Does this address CVE-2022-22963?

@sbrannen (Member, Author)

> Does this address CVE-2022-22963?

No. That CVE is specific to Spring Cloud Function. See the corresponding blog post for details.

artem-smotrakov commented Mar 30, 2022

@sbrannen Oh sorry, I meant CVE-2022-22950 in Spring Framework. Does this commit address CVE-2022-22950?

@jhoeller jhoeller added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-5.2.x labels Mar 31, 2022
anfit pushed a commit to anfit/spring-framework that referenced this issue Oct 16, 2023
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28145
anfit pushed a commit to anfit/spring-framework that referenced this issue Oct 18, 2023
Attempting to create a large array in a SpEL expression can result in
an OutOfMemoryError. Although the JVM recovers from that, the error
message is not very helpful to the user.

This commit improves the diagnostics in SpEL for large array creation
by throwing a SpelEvaluationException with a meaningful error message
in order to improve diagnostics for the user.

Closes spring-projectsgh-28145
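
A generic form of the guard this issue asks for, as an added example that is not Spring Framework's code: validate the requested dimensions before allocating and fail with a descriptive exception instead of an OutOfMemoryError. The class name, the `MAX_ELEMENTS` value and the exception type are assumptions made for illustration.

```java
import java.lang.reflect.Array;
import java.util.Arrays;

public class BoundedArrayAllocation {

    // Assumed limit for this example; the issue does not state a threshold.
    static final long MAX_ELEMENTS = 100_000;

    // Hypothetical exception type standing in for a descriptive evaluation error.
    static class ArraySizeLimitException extends RuntimeException {
        ArraySizeLimitException(String message) { super(message); }
    }

    // Allocates componentType[d1][d2]... only if every nesting level stays within MAX_ELEMENTS.
    static Object newBoundedArray(Class<?> componentType, int... dims) {
        if (dims.length == 0) {
            throw new IllegalArgumentException("at least one dimension is required");
        }
        long slots = 1; // number of slots allocated at the current nesting level
        for (int dim : dims) {
            if (dim < 0) {
                throw new ArraySizeLimitException("negative array dimension " + dim
                        + " in " + Arrays.toString(dims));
            }
            // slots <= MAX_ELEMENTS here and dim fits in an int, so the long cannot overflow.
            slots *= dim;
            if (slots > MAX_ELEMENTS) {
                throw new ArraySizeLimitException("array dimensions " + Arrays.toString(dims)
                        + " need " + slots + " slots at one level, limit is " + MAX_ELEMENTS);
            }
        }
        return Array.newInstance(componentType, dims);
    }

    public static void main(String[] args) {
        int[][] ok = (int[][]) newBoundedArray(int.class, 100, 100);
        System.out.println("allocated " + ok.length + " x " + ok[0].length);
        // Constructed requests: the second has zero total elements, yet its outer
        // array alone would hold Integer.MAX_VALUE references.
        int[][] rejected = { {1024, 1024, 1024}, {Integer.MAX_VALUE, 0} };
        for (int[] dims : rejected) {
            try {
                newBoundedArray(int.class, dims);
            } catch (ArraySizeLimitException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

Checking each nesting level rather than only the total element count is what catches the `{Integer.MAX_VALUE, 0}` request, whose product is zero.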