Avoid Spring Boot debug and actuator exposure in shipped configuration
Spring Boot configuration should not force debug logging or wildcard actuator exposure.
#Metadata
#Why it matters
Debug modes and fully exposed actuator endpoints leak internals and expand remote attack surface when configs ship to production.
#Remediation
Remove debug=true overrides, scope logging levels deliberately, and enumerate only required actuator endpoints behind authentication.
#Repository path
The generated metadata points to critiq-rules/libs/rules/catalog/rules/java/java.security.spring-debug-exposure.rule.yaml.