Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
20,097 Commits 1 Branch 0 Tags 507 MiB
TypeScript 66.5%
Java 21.7%
JavaScript 9.4%
CSS 1%
Shell 0.6%
Other 0.7%
5faaff38ba
Go to file
subratadeypappu 5faaff38ba
fix: CVE-2024-38821 (#41188) 
## Description
CVE-2024-38821 is an authorization-bypass affecting Spring WebFlux apps
that apply non-permitAll rules to static resources. The fix for
CVE-2024-38821 is in Spring Security 6.3.4+.
[Ref](https://spring.io/security/cve-2024-38821)

Mitigation Strategy:
We are upgrading Spring Boot to 3.3.13 which officially manages Spring
Security versions. Spring Security 6.3.10 is well beyond the minimum
required 6.3.4+


### Verification

Verification Results:
1. Spring Security Version Check:  SECURE
Current Version: Spring Security 6.3.10
Vulnerable Range: 6.3.0-6.3.3
Status:  NOT VULNERABLE - Version 6.3.10 is well beyond the vulnerable
range
2. All Spring Security Components Verified:  SECURE
 spring-security-web: 6.3.10
 spring-security-oauth2-client: 6.3.10
 spring-security-oauth2-core: 6.3.10
 spring-security-oauth2-jose: 6.3.10
 spring-security-config: 6.3.10
 spring-security-crypto: 6.3.10
 spring-security-test: 6.3.10
3. No Vulnerable Versions Detected:  CLEAN
 No Spring Security 6.3.0-6.3.3 versions found
 No vulnerable Spring Security components detected

Fixes #`Issue Number`  
_or_  
Fixes `Issue URL`
> [!WARNING]  
> _If no issue exists, please create an issue first, and check with the
maintainers if the issue is valid._

## Automation

/ok-to-test tags="@tag.Sanity"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17201170729>
> Commit: d588e5da0afe52b94730871b77ada4ab9b92c20e
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17201170729&attempt=1"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 25 Aug 2025 07:17:32 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit

* **Chores**
* Upgraded Spring Boot parent to 3.3.13 to improve stability,
compatibility, and maintenance.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-08-25 18:04:59 +06:00
.cursor chore: Enhanced Task Implementation Capabilities of Cursor. (#40774) 2025-05-27 12:46:35 +05:30
.github chore: remove AWS_ROLE_ARN from deployment workflow and update deploy… (#41039) 2025-06-25 18:21:38 +05:30
app fix: CVE-2024-38821 (#41188) 2025-08-25 18:04:59 +06:00
contributions chore: fix typos in markdown documentation (#39464) 2025-02-27 11:49:08 +05:30
deploy fix: use bitnamilegacy images temporarily (#41176) 2025-08-13 10:42:10 +05:30
scripts chore: update cleanup dp to delete merged PRs (#41045) 2025-06-26 11:04:15 +05:30
static README update: small copy updates, new intro video, and short blurb on Appsmith Agents (#40359) 2025-04-25 19:27:33 +05:30
.coderabbit.yaml chore: Updated the coderabbit tone of voice (#36946) 2024-10-17 17:46:52 +05:30
.deepsource.toml
.editorconfig feat: Make images adaptable to support both Postgres and MongoDB uris (#36424) 2024-09-19 21:45:46 +05:30
.env.example chore: Remove Algolia, we don't use it anymore (#37664) 2024-11-23 21:38:04 +05:30
.gitignore chore: Enhanced Task Implementation Capabilities of Cursor. (#40774) 2025-05-27 12:46:35 +05:30
.imgbotconfig
.nojekyll
app.json test: Enable server tests for the PRs with base PG branch (#33429) 2024-05-22 15:55:20 +05:30
appsmith_events.md
appsmith_templates.md
ci-debug.sh ci: CI optimisation to reduce ci-test run time and modularise docker image building (#21219) 2023-03-10 12:51:32 +05:30
CODE_OF_CONDUCT.md
CODEOWNERS Update CODEOWNERS (#40366) 2025-04-24 21:34:50 +05:30
CONTRIBUTING.md
depot.json
Dockerfile feat: add git route aspect for branch handling (#41097) 2025-07-21 14:11:34 +05:30
heroku.yml
IssuesReport.md
LICENSE
README.md Update README.md cloud link (#40692) 2025-05-19 20:34:48 +05:30
SECURITY.md

README.md

Appsmith Logo

Discord GitHub commit activity YouTube Channel Subscribers YouTube Channel Views

Organizations build custom applications like dashboards, admin panels, customer 360, IT automation, and service management tools to help their teams work more efficiently and effectively. Appsmith is an open-source low-code platform that streamlines custom application development, deployment, and maintenance. Learn more on our website.

Appsmith in 100 secs

Installation

There are two ways to start using Appsmith:

  • Signup on Appsmith Cloud.
  • Install Appsmith on your machine. See the installation guides below.
Installation Methods Documentation
Docker Docker (Recommended)
Kubernetes Kubernetes
AWS AWS AMI

For other deployment options, see the Installation Guides documentation.

Development

To build and run Appsmith in your local dev environment, see Setup for local development.

Learning Resources

Need Help?

Appsmith Agents

Introducing a new agentic AI platform that integrates the latest AI models with private and proprietary data at scale — inside the tools and systems that teams use every day. Appsmith Agents expands generative AIs capabilities for the millions of knowledge workers in sales, support, customer success, human resources, and other business teams. By giving continuous context to AI models, Appsmith Agents lets teams ask questions and configure automations specific to their business without model fine-tuning or complex RAG implementations. Visit appsmith.com/ai to learn more.

Contributing

We ❤️ our contributors. We're committed to fostering an open, welcoming, and safe environment in the community.

📕 We expect everyone participating in the community to abide by our Code of Conduct. Please read and follow it.
🤝 If you'd like to contribute, start by reading our Contribution Guide.
👾 Explore some good first issues.

Let's build great software together.

Top Contributors

Nikhil-Nandagopal mohanarpit sharat87 hetunandu trishaanand riodeuno nidhi-nair vicky-primathon Aishwarya-U-R satbir121 sumitsum AnaghHegde arunvjn NandanAnantharamu ankitakinger nayan-rafiq abhvsn jsartisan Rishabh-Rathod ohansFavour sbalaji1192 sarojsarab SatishGandham AmanAgarwal041 prsidhu ayushpahwa sneha122 ApekshaBhosale Parthvi12 yatinappsmith somangshu pratapaprasanna pranavkanade albinAppsmith marks0351 nsarupr ashit-rath NilanshBansal sondermanish KelvinOm dhruvikn rajatagrawal areyabhishek subrata71 ichik dipyamanbiswas07 rahulbarwal ankitsrivas14 vsvamsi1 brayn003 sharanya-appsmith vivonk dvj1988 ramsaptami rohan-arthur jacquesikot danciaclara kocharrahul7 riteshkew srix laveena-en RakshaKShetty Rishabhkaul sandeepravi tejasahluwalia dilippitchika nerbos rlnorthcutt kevinblanco AbhaySM tomjose92 andreevanatasha LagunaElectric sribalajig infinitetrooper RoopKrrish9696 bharath31 GreenFlux shadabbuchh harshilp24 appsmith-bot momcilo-appsmith shwetha-ramesh vasanthappsmith parth-appsmith chandannkumar jnikhila vinay-appsmith ame-appsmith btsgh Sripriya93 pranayagarwal96 kamakshibhat-appsmith sujdev7 BharghaviK carinanfonseca deepikaappsmith Harshask93 cssonic kavitasmoolya NeelPattani1 rashmi-sahoo-git michael-peach-appsmith akash-codemonk Tooluloope rishabhsaxena wmdev0808 Irongade techbhavin yaldram aswathkk rahulramesha sidhantgoel Vijetha-Kaja haojin111 berzerkeer sum35h ChandanBalajiBP devrk96 keyurparalkar eco-monk vibhandikyash ofpiyush vishnu-gp rimildeyjsr tanvibhakta rashmigowda55 ankurrsinghal Druthi geekup-legodevops megaconfidence vihar danieldare Nikhil-Curefit souma-ghosh arslanhaiderbuttar tkAppsmith rashmi-rai leotom2000 ravikp7 Adityaacharya1807 RashmiNagarajp prapullac kaushik94 PiyushPushkar02 akshayrangasaid mojtab23 rohitagarwal88 iamakulov iamrkcheers sumanthyedoti shubham7saxena7 vaibh1297 vnodecg pc9795 Rhitottam Pranay105 iSatVeerSingh abm17 akshay11298 daniel-shuy daniloff200 osis harshitpandey0426 ganganimaulik jyash97 ram-primathon sub1983 sanjus-robotic-studio AR10X shreemaan-abhishek A-Scratchy gitstart-appsmith manish535 shinnlok suhasranganath ThakurKarthik trdillon acharyaaditya18 amogh2019 appsmithguru pric-appsmith sunil-codemonk abhiappsmith ajinkyakulkarni Cool-Runningz akbansa ArjobanSingh bharat-patodi Bhavin789 bhuvanaindukuri donno2048 jacobwgillespie reachtokish nuwan94 OmkarPh parthiv11 priyanka-mahour rafaeelaudibert samyakjain10 Jain-Sanchit irfan-ansari-au28 sheetal2001p Hard-Coder05 vj-codes knockknockyoo jdun28 alphaX86 aanchal-fatwani monarch0111 abhishekS14 adarshlilha avats-dev visibleajay blenderskool AlekSi alzaar heroic AJ-72 apoorv-mishra anvaravind ari-hacks arunstar ashwanisindhu1 ayushkumarbhadani Caitlin-Fotheringham Chiradeep-Banik chrismaeda CommanderRoot DevSnap digvijaysinghh DiptoChakrabarty felixsuarez0727 gitstart Gretel8 danguilherme harshmange44 indrajitbnikam ishaanmehta4 jaikanthjay46 jarimayenburg JarLob JeffResc jmakhack jlund jrcamelo khoahuynhdev kylegalbraith loiscodes jk2K micarner me-heer MuhammadAakash dammahhammad moulik-deepsource Nandanha wasabigeek nipun1999 nishihere19 Nitesh2905 eagleera NoxiousPenguin palashkaria pallavagarwal07 paususe neok sanchezpili6 pushkar1393 imor ricardocarrola RishiKumarRay Rooney30 Saket2 Sheikh-JamirAlam withshubh smrutiparida somnathdasadhikari srijanshetty Sufiyan1997 rayrny trishitapingolia trivikr webdott vasanthkumar18 VanshajPoonia vedant-pandey torcoste vvkpd yasharma2301 Yash-Bhange YogeshJayaseelan Ian-Yy danceAndJive devnamrits deepakchethan IAmAnubhavSaini gokuatkai Jackenmen Mrxyy zimkjh kyteinsky lifeneedspassion nikhil-babar nupur-singhal1992 nzidol onifs10 ps-xaf

License

Appsmith is licensed under the terms of Apache License 2.0.