Post
Lari Hotari
‪@lhotari.bsky.social‬
The URL used had the path /management/heapdump, possibly a Spring Boot app. I never imagined that my contribution github.com/spring-proje... in 2016 would result in this disaster 9 years later. In Spring Boot, you should set management.server.port and never expose management endpoints externally.
Add actuator endpoint to download a heapdump by lhotari · Pull Request #5670 · spring-projects/spring-boot
This adds an actuator endpoint /heapdump that creates a heap dump by using com.sun.management.HotSpotDiagnosticMXBean available at least on Oracle Java 8 and OpenJDK Java 8. It returns a compressed...
github.com
‪Micah Lee‬
 ‪@micahflee.com‬
· 1mo
DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage's archive server micahflee.com/ddosecrets-p...
DDoSecrets publishes 410 GB of heap dumps, hacked from TeleMessage's archive server
This morning, Distributed Denial of Secrets published 410 GB of data hacked from TeleMessage, the Israeli firm that makes modified versions of Signal, WhatsApp, Telegram, and WeChat that centrally arc...
micahflee.com
May 20, 2025 at 11:11 PM
·
Translate
1 repost
2 likes
‪Lari Hotari‬ ‪@lhotari.bsky.social‬
· 1mo
I guess heapdump should be restricted by default in Spring Boot, in the similar way as shutdown, docs.spring.io/spring-boot/...
Endpoints :: Spring Boot
docs.spring.io
‪Lari Hotari‬ ‪@lhotari.bsky.social‬
· 1mo
Yes, it seems to be a Spring Boot app. news.ycombinator.com/item?id=4403...
From the Wired article: "The archive server is programmed in Java and is built u... | Hacker News
news.ycombinator.com