SecurityAnnotationScanner's method comparison should use .equals #17143

jzheaux · 2025-05-19T15:16:44Z

When using == to look for a method match, it may not account for technologies like AspectJ that weave behavior around a method at compile time.

Closes gh-17143

Alina-Podoba · 2025-06-13T08:49:28Z

Hi, thanks for the clarification and the fix.
Just to confirm- is spring-security-core considered affected by CVE-2025-41232 as well?

jzheaux added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels May 19, 2025

jzheaux self-assigned this May 19, 2025

jzheaux added in: core An issue in spring-security-core in: aspects An issue in spring-security-aspects and removed status: waiting-for-triage An issue we've not yet triaged labels May 19, 2025

jzheaux added this to the 6.4.6 milestone May 19, 2025

jzheaux mentioned this issue May 19, 2025

SecurityAnnotationScanner's method comparison should use .equals #17144

Closed

jzheaux added a commit that referenced this issue May 19, 2025

Use .equals to Compare Methods

bf2aaa1

Closes gh-17143

jzheaux closed this as completed in c972de5 May 19, 2025

jzheaux mentioned this issue May 19, 2025

SecurityAnnotationScanner's method comparison should use .equals #17145

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SecurityAnnotationScanner's method comparison should use .equals #17143

SecurityAnnotationScanner's method comparison should use .equals #17143

jzheaux commented May 19, 2025

Alina-Podoba commented Jun 13, 2025

Uh oh!

SecurityAnnotationScanner's method comparison should use .equals #17143

SecurityAnnotationScanner's method comparison should use .equals #17143

Comments

jzheaux commented May 19, 2025

Alina-Podoba commented Jun 13, 2025

Uh oh!