80% of Spring framework downloads are exploitable versions

Data from Sonatype suggests that 80 percent of weekly Spring framework downloads are still exploitable versions.

Spring is a mighty popular framework—often ranking in the top three most-used Java frameworks. That’s why the Java developer community was shaken when a vulnerability named Spring4Shell (CVE-2022-22965) was leaked by a security researcher ahead of an official CVE publication.

Spring4Shell allows unauthenticated remote code execution. This week, the US...

Spring4Shell vulnerability could have ‘a larger impact’ than Log4j

A newly-discovered zero-day vulnerability known as Spring4Shell could have “a larger impact” than Log4j.

Log4j made waves in recent months as the vulnerability in the popular open-source logging library enabled attackers to break into systems, steal passwords and logins, extract data, and infect networks with malicious software.

However, attention is now shifting to the Spring4Shell exploit.

Spring4Shell is a zero-day remote code execution (RCE)...

Apps will soon need to be submitted to the App Store using Xcode 13

Apple has reminded developers that apps will soon need to be submitted to the App Store using Xcode 13.

From 25 April 2022, Apple will only accept the submission of apps that are built using the latest version of its IDE.

“iOS, iPadOS, and watchOS apps submitted to the App Store must be built with Xcode 13, which includes the SDKs for iOS 15, iPadOS 15, and watchOS 8,” wrote Apple on its developer site.

Apple goes on to tout how Xcode 13 enables developers...

These programming languages were most in-demand in 2021

Coding Dojo has released its annual review of the programming language skills most sought after from employers.

For its research, Coding Dojo scours jobs listing site Indeed. The company looks at what languages appear most in job descriptions and compares their prevalence with previous years to identify trends that could give you an advantage.

Python retained its lead in 2021 as the language which cropped up in the most (~70,500) job descriptions. Rounding out the top...

2022 Java Developer Productivity Report: Teams aren’t realising the promise of microservices

The latest edition of Perforce’s annual Java Developer Productivity Report highlights that teams aren’t realising the full promise of microservices and CI/CD.

Developers are often finding that microservices and CI/CD are decreasing their productivity rather than improving. 

Among CI/CD users, 42 percent of respondents report build completion times of over five minutes. The most common (33%) response was build times exceeding 10 minutes.

The highest...

GitHub’s Mermaid support enables developers to quickly create diagrams

GitHub has added native support for Mermaid—enabling developers to quickly generate diagrams.

According to GitHub, both open-source and enterprise developers see a productivity boost of around 50 percent when provided with detailed documentation. Rich, visual formats often help to better present information.

Last month, GitHub added support for .svg files to comments in issues, PRs, discussions, and Markdown files like READMEs. However, GitHub says that it recognises...

State of Software Security v12: Don’t become complacent, but we’ve come a long way

Veracode’s latest State of Software Security report highlights that applications are, on average, more secure than ever.

Getting the negatives out the way first, the report warns about the devastating “domino effect” that one vulnerability can have on software across the globe.

One clear example of this in action was the SolarWinds attack in which hackers inserted malicious code into the company’s Orion software. Every company and organisation using Orion was...

Rust vulnerability enables attackers to delete files and directories

Maintainers of the Rust programming language have warned of a critical vulnerability that enables attackers to delete files and directories.

In a security advisory, the Rust Security Response Working Group wrote:

“The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363).

An attacker could use this security issue to trick a privileged program into...

Déjà vu: Python wins TIOBE Programming Language of the Year

According to TIOBE, Python was the programming language that stole developers’ hearts in 2021.

It’s the second time in a row that Python has been crowned the TIOBE Programming Language of the Year.

Last month, TIOBE Software CEO Paul Jansen floated the possibility that C# may take the crown for the first time after posting the highest rating growth (+2.21%) in the top 20 of the TIOBE Index in December.

"It is interesting to note that C# has never won the...

Swift Playgrounds 4.0 removes the need for a Mac to publish apps

Apple has released Swift Playgrounds 4.0, enabling users to build and submit their apps solely using an iPad.

Swift Playgrounds was initially released in 2016 as an educational tool and development environment for Apple’s latest native programming language, which was released a couple of years prior.

The iPad version of Swift Playgrounds arrived first before a macOS version was released last year. However, a Mac has always been required to actually publish an...