disabling metrics does not affect functionality but you will lose monitoring and diagnostics capability. Application Insights is a feature in Azure that provides comprehensive monitoring of applications, including performance metrics, and disabling specific metrics could limit its ability to provide detailed insights. The recommended course of action is to upgrade to the patched versions of Spring Boot (2.7.18, 3.0.13, or 3.1.6), which address this vulnerability: https://github.com/advisories/GHSA-jjfh-589g-3hjx
CVE-2023-34055: Spring Boot server Web Observations DoS Vulnerability
Victor Scurtu
Hello,
We are using Azure Spring Apps service.
I just came across Spring advisory CVE-2023-34055: Spring Boot server Web Observations DoS Vulnerability
https://spring.io/security/cve-2023-34055/
The temp fix proposed is to disable some metrics:
management.metrics.enable.http.server.requests=false
But if we do that, would there be a 'side effect' on Application Insights service functionality?
Or, in other words, the question is: should we apply the temp fix related to metrics or wait for Azure to take care of it?
Thank You.
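An added example, not part of the original thread and not code from Spring or Azure: a Python check that classifies a deployment using only the fixed versions named in the answer and the workaround property quoted in the question. The function names, status labels and sample inputs are assumptions made for illustration.

```python
import re

# Fixed releases named in the answer, keyed by (major, minor) release line.
FIXED_PATCH = {(2, 7): 18, (3, 0): 13, (3, 1): 6}
# Workaround property quoted in the question.
WORKAROUND_KEY = "management.metrics.enable.http.server.requests"


def parse_version(text):
    """Return (major, minor, patch) from '3.1.5' or '2.7.18-SNAPSHOT'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised Spring Boot version: {text!r}")
    return tuple(int(part) for part in m.groups())


def workaround_applied(properties_text):
    """True if application.properties text sets the workaround key to false.

    Skips comment lines, accepts '=', ':' or whitespace as the separator,
    and lets the last assignment win, as a properties loader would.
    """
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)$", line)
        if m and m.group(1) == WORKAROUND_KEY:
            value = m.group(2).strip().lower()
    return value == "false"


def assess(version_text, properties_text):
    """Classify one application (hypothetical status labels)."""
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "unlisted-line"    # release line not named on this page
    if patch >= fixed:
        return "patched"
    if workaround_applied(properties_text):
        return "workaround-only"  # mitigated, but request metrics are lost
    return "upgrade-needed"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    sample_props = WORKAROUND_KEY + "=false\n"
    for version, props in [("3.1.5", ""), ("2.7.17", sample_props), ("3.0.13", "")]:
        print(version, "->", assess(version, props))
```

A result of "workaround-only" means the application still needs the upgrade to get the request metrics back.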