Use of Insufficiently Random Values
CVE-2026-40975
Summary
Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets, as they are numeric values with a predictable range. Affected: the random value property source (a weak PRNG used for secrets) in Spring Boot versions prior to 3.5.14, and versions from 4.0.0-M1 up to but not including 4.0.6. Versions that are no longer supported are also affected, per the vendor advisory.
CVSS base metric values (metric names not preserved in the extraction): LOW, NETWORK, NONE, UNCHANGED, NONE, NONE, HIGH, NONE
CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
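An added audit check, not part of the advisory: it scans a Spring Boot `.properties` file for the weak placeholders named in the summary (`${random.value}`, `${random.int}`, `${random.long}`, including their bracketed range forms) assigned to secret-looking keys, and leaves `${random.uuid}` alone. The secret-key heuristic and the sample properties are constructed for this example.

```python
import re

# Weak placeholders from Spring Boot's random value property source, with the
# optional range/size forms such as ${random.int(10)} or ${random.int[1024,65536]}.
# ${random.uuid} is deliberately excluded: the advisory states it is not affected.
WEAK_RANDOM = re.compile(
    r"\$\{random\.(value|int|long)(?:\([^)]*\)|\[[^\]]*\])?\}"
)

# Heuristic for property names that carry a secret (constructed for this example).
SECRET_KEY = re.compile(
    r"(secret|password|passwd|token|credential|api[-_.]?key|private[-_.]?key|salt|jwt)",
    re.IGNORECASE,
)

# Constructed sample application.properties, mixing safe and unsafe uses.
SAMPLE_PROPERTIES = """\
# constructed sample application.properties
server.port=8080
app.jwt.secret=${random.value}
app.session.token=${random.uuid}
app.seed=${random.int(10)}
app.api-key=${random.long}
db.password=changeme
"""


def find_weak_random_secrets(properties_text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, key, placeholder) for every .properties line whose key
    looks secret-bearing and whose value uses ${random.value|int|long}."""
    findings = []
    for line_no, raw in enumerate(properties_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or .properties comment
        # .properties allows '=', ':' or whitespace as the key/value separator.
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if not SECRET_KEY.search(key):
            continue  # not secret-bearing; a weak value here is not the advisory's concern
        for placeholder in WEAK_RANDOM.finditer(value):
            findings.append((line_no, key, placeholder.group(0)))
    return findings


if __name__ == "__main__":
    for line_no, key, placeholder in find_weak_random_secrets(SAMPLE_PROPERTIES):
        print(f"line {line_no}: {key} uses {placeholder}; upgrade to a fixed Spring Boot "
              f"(3.5.14 / 4.0.6) and do not derive secrets from this placeholder")
```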
References
Advisory Timeline
- Published