
[Malicious, Package Squatting Attack] Do Not Use Packages from the "io DOT springboot" domain!!!

Open yuluo-yx opened this issue 10 months ago • 15 comments

Hi, community. If I want to develop based on the Spring core module to adapt a new AI big model, how should the pom.xml be selected?

Docs:

  <repositories>
    <repository>
      <id>spring-milestones</id>
      <name>Spring Milestones</name>
      <url>https://repo.spring.io/milestone</url>
      <snapshots>
        <enabled>false</enabled>
      </snapshots>
    </repository>
    <repository>
      <id>spring-snapshots</id>
      <name>Spring Snapshots</name>
      <url>https://repo.spring.io/snapshot</url>
      <releases>
        <enabled>false</enabled>
      </releases>
    </repository>
  </repositories>
<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.ai</groupId>
            <artifactId>spring-ai-bom</artifactId>
            <version>0.8.1-SNAPSHOT</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

Maven repo: https://mvnrepository.com/artifact/io DOT springboot DOT ai/spring-ai-core/1.0.0

<dependency>
    <groupId>io DOT springboot DOT ai</groupId>
    <artifactId>spring-ai-core</artifactId>
    <version>1.0.0</version>
</dependency>

Which one should I choose and is there any difference between them?

yuluo-yx avatar Apr 02 '24 14:04 yuluo-yx

Community Issue Questions go unanswered? There's already a backlog of questions. @tzolov

yuluo-yx avatar Apr 03 '24 01:04 yuluo-yx

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.ai</groupId>
            <artifactId>spring-ai-bom</artifactId>
            <version>1.0.0-SNAPSHOT</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

You should continue to use the above one.

anbusampath avatar Apr 03 '24 02:04 anbusampath

This looks like some accidental publish.

got it, thanks

yuluo-yx avatar Apr 03 '24 02:04 yuluo-yx

@yuluo-yx , @anbusampath

This looks like a package squatting attack!

The io.springboot.ai is not a valid domain and is likely malicious.

The official Spring domain is org.springframework.ai and the latest version is 1.0.0-SNAPSHOT:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.ai</groupId>
            <artifactId>spring-ai-bom</artifactId>
            <version>1.0.0-SNAPSHOT</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

tzolov avatar Apr 07 '24 12:04 tzolov
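
As an added example (not part of the thread and not Spring project code), the check described in the comment above can be automated: flag any dependency whose artifactId looks like a Spring AI artifact but whose groupId is not the official `org.springframework.ai`. The function names and the "artifactId starts with `spring-ai`" rule are assumptions made for this sketch, and the sample build files are constructed.

```python
import re
import xml.etree.ElementTree as ET

OFFICIAL_GROUP = "org.springframework.ai"  # official groupId named in the thread
ARTIFACT_PREFIX = "spring-ai"              # assumption: project artifacts start with this
# Gradle coordinates such as implementation("group:artifact:version")
GRADLE_COORD = re.compile(r"""["']([\w.\-]+):([\w.\-]+)(?::([\w.\-]+))?["']""")

def _local(tag):
    """Strip an XML namespace such as {http://maven.apache.org/POM/4.0.0}."""
    return tag.rsplit("}", 1)[-1]

def _suspicious(group, artifact):
    return artifact.startswith(ARTIFACT_PREFIX) and group != OFFICIAL_GROUP

def scan_pom(pom_text):
    """Return (groupId, artifactId, version) for look-alike dependencies in a POM."""
    findings = []
    for elem in ET.fromstring(pom_text).iter():
        if _local(elem.tag) != "dependency":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        group, artifact = fields.get("groupId", ""), fields.get("artifactId", "")
        if _suspicious(group, artifact):
            findings.append((group, artifact, fields.get("version", "")))
    return findings

def scan_gradle(build_text):
    """Return (group, artifact, version) for look-alike coordinates in a Gradle file."""
    return [c for c in GRADLE_COORD.findall(build_text) if _suspicious(c[0], c[1])]

# Constructed sample inputs: one official dependency, one from the squatted groupId.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency>
      <groupId>org.springframework.ai</groupId>
      <artifactId>spring-ai-core</artifactId>
    </dependency>
    <dependency>
      <groupId>io.springboot.ai</groupId>
      <artifactId>spring-ai-core</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</project>"""
SAMPLE_GRADLE = 'implementation("io.springboot.ai:spring-ai-azure-openai-spring-boot-starter:1.0.0")'

if __name__ == "__main__":
    print(scan_pom(SAMPLE_POM))
    print(scan_gradle(SAMPLE_GRADLE))
```

The scan reads only the build file it is given, so transitive dependencies and groupIds set through `${...}` properties need a resolved dependency tree instead.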

And here is the official documentation with the currently supported versions and related docs: https://spring.io/projects/spring-ai#learn Mind that 0.8.1 is a milestone (so not available on Maven Central).

tzolov avatar Apr 07 '24 12:04 tzolov

@yuluo-yx , @anbusampath

This looks like a package squatting attack!

The io.springboot.ai is not a valid domain and is likely malicious.

The official Spring domain is org.springframework.ai and the latest version is 1.0.0-SNAPSHOT:

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.ai</groupId>
            <artifactId>spring-ai-bom</artifactId>
            <version>1.0.0-SNAPSHOT</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

Got it. IMO, if indeed there is no relevant release, something should be done officially, as the GitHub address is the same as the project address, and some people may introduce the wrong package due to carelessness.


yuluo-yx avatar Apr 08 '24 02:04 yuluo-yx

Thanks for raising this @yuluo-yx. We're not aware of it and will do our best to deal with it. From what I can see, springboot DOT io is a Chinese portal. I wonder how popular it is and whether the owners are involved or at least aware of the attack.

tzolov avatar Apr 08 '24 06:04 tzolov

I also encountered this problem. I was using the wrong dependency package 😂:

// not official do not use
implementation("io DOT springboot DOT ai:spring-ai-azure-openai-spring-boot-starter:1.0.0")

XhstormR avatar Apr 08 '24 08:04 XhstormR

Thanks for raising this @yuluo-yx. We're not aware of it and will do our best to deal with it. From what I can see, springboot DOT io is a Chinese portal. I wonder how popular it is and whether the owners are involved or at least aware of the attack.


Judging from the usage of the maven repository, there are still a lot of users. Also, the update is close to the time of the 1.0.0 release.

@tzolov Maybe we can pin this issue. Warn more developers.

yuluo-yx avatar Apr 08 '24 09:04 yuluo-yx

I also encountered this problem. I was using the wrong dependency package 😂:

// not official do not use
implementation("io DOT springboot DOT ai:spring-ai-azure-openai-spring-boot-starter:1.0.0")

Haha, very unfortunate.

yuluo-yx avatar Apr 08 '24 09:04 yuluo-yx

Judging from the usage of the maven repository, there are still a lot of users.

Those usages are all just within spring-ai (the core jar is used by all the others). So there's not a lot of evidence of usage by the community.

dsyer avatar Apr 08 '24 12:04 dsyer

I'm no expert in this library, but I see no evidence of anything malicious being added yet. Perhaps the idea (if the intent was malevolent) was to sneak a benign change through and later make changes once that trust or namespace was established?

I did some decompiles and found nothing suspicious, but then decided to compare it to the last release.

pkgdiff infiles/spring-ai-core-0.8.1.jar infiles/spring-ai-core-1.0.0.jar.zip 
reading packages ...
comparing packages ...
creating report ...
result: CHANGED (1.9%)
report: pkgdiff_reports/spring-ai-core/0.8.1_to_1.0.0.jar/changes_report.html

digital-shokunin avatar Apr 08 '24 19:04 digital-shokunin
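
An added example (not part of the thread, and not pkgdiff itself) of the release-to-release comparison described in the comment above: hash every entry of two JARs and list what was added, removed or changed, which tells a reviewer which classes to decompile first. The helper names are assumptions, and the two archives are constructed in memory rather than being the real spring-ai-core jars.

```python
import hashlib
import io
import zipfile

def jar_digests(jar_bytes):
    """Map each entry name in a JAR (a ZIP archive) to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {info.filename: hashlib.sha256(jar.read(info)).hexdigest()
                for info in jar.infolist() if not info.is_dir()}

def diff_jars(old_bytes, new_bytes):
    """Compare entry contents (not timestamps) between two versions of a JAR."""
    old, new = jar_digests(old_bytes), jar_digests(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

def make_jar(entries):
    """Build an in-memory JAR from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()

# Constructed sample archives standing in for an older and a newer release.
OLD_JAR = make_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/Client.class": b"\xca\xfe\xba\xbe v1",
    "com/example/Util.class": b"\xca\xfe\xba\xbe util",
})
NEW_JAR = make_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n",
    "com/example/Client.class": b"\xca\xfe\xba\xbe v2",
    "com/example/Loader.class": b"\xca\xfe\xba\xbe loader",
})

if __name__ == "__main__":
    for kind, names in diff_jars(OLD_JAR, NEW_JAR).items():
        print(kind, names)
```

To compare real files, pass `open(path, "rb").read()` for each JAR.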

pkgdiff_reports.zip

Copy of the report attached.

digital-shokunin avatar Apr 08 '24 19:04 digital-shokunin

The situation will only get worse. @tzolov


konczdev avatar May 15 '24 17:05 konczdev

The situation will only get worse. @tzolov


It should be fixed soon, as the use of maven is increasing. 🤔

yuluo-yx avatar May 16 '24 14:05 yuluo-yx

@markpollack , FYI.

dingmeng-xue avatar May 27 '24 03:05 dingmeng-xue

The artifact is gone from Maven Central and the links from mvnrepository.com (if you try to click to download the pom or JAR) lead to 403s.

markpollack avatar Jul 22 '24 19:07 markpollack