Hmm, I have a question… For example, I've got a model:

@Entity
public class Something {
    @Id
    @GeneratedValue(generator = "uuid2")
    @GenericGenerator(name = "uuid2", strategy = "uuid2")
    public UUID id;

    @NotNull @Column(columnDefinition = "TEXT")
    public String text;
}

, a form with the only field

text

, and a controller method:

String addSomething(@ModelAttribute Something something) { somethingRepository.save(something); }

If a user adds

id=00000000-0000-0000-0000-000000000000

to his request, and a model with such id already exists, will Hibernate update an existing model? How we can close this security hole? Actually, we could null out all fields that are not in the form, but it is awful.