pippo
pippo copied to clipboard
pippo-java
Micro Java Web Framework
As currently implemented, `GZipResponseStream` buffers whole response and compresses it only upon closing: https://github.com/pippo-java/pippo/blob/master/pippo-core/src/main/java/ro/pippo/core/gzip/GZipResponseStream.java This may result in HUGE heap usage when streaming BIG responses, which is primary use case...
Per documentation at http://www.pippo.ro/doc/internationalization.html i18n is configured using `application.languages` setting in `conf/application.properties` and then having `messages.properties` with default language messages and one `messages_.properties` file for each **additional** language configured. However,...
Few observations: [pippo-demo-servlet](https://github.com/pippo-java/pippo-demo/tree/master/pippo-demo-servlet) demonstrates how Pippo could currently be embedded into any servlet container. Provided way works, but doesn't play well with DI concepts. It even, as far as I...
Bumps [hazelcast](https://github.com/hazelcast/hazelcast) from 3.7.4 to 3.12.13. Release notes Sourced from hazelcast's releases. 3.12.13 This document lists the new features, enhancements, fixed issues and, removed or deprecated features for Hazelcast IMDG...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [c3p0](https://github.com/swaldman/c3p0) from 0.9.5.2 to 0.9.5.4. Commits c61c00b Fix one missing word in docs... 3aa4e5f Fix dangling <tt> in docs. a93dc64 Provide more accurate warning messages on XML parse failures....
Bumps [spring-web](https://github.com/spring-projects/spring-framework) from 4.1.1.RELEASE to 6.0.0. Release notes Sourced from spring-web's releases. v6.0.0 See What's New in Spring Framework 6.x and Upgrading to Spring Framework 6.x for upgrade instructions and...
Bumps tomcat-embed-core from 8.5.61 to 8.5.63. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Hello, We just saw today (as we installed Greenshot), a vulnerability about Pippo. **Severity level is critical** **Summary**: Pippo through 1.11.0 allows remote code execution via a command to java.lang.ProcessBuilder...
