Hi Spring fans! We’re at the end of another season of Spring Tips. I’ll be back in a few months with even more Spring Tips, and we’ll continue our journey through aspects of the ecosystem large and small. This season, as with all seasons, has been fun for me to put together. It is a mix of brand new stuff and older stuff that we get to review in a new light. As always, I do these for you and am always eager to hear about what regions of Springdom you’d like illuminated.

Anyway, here’s a recap of the things we’ve looked at in previous installments from seasons 1-4. Enjoy!

The new Spring Cloud Finchley GA release is jam-packed with good stuff and represents a major milestone in the journey to reactive microservices. I couldn’t possibly list everything so I refer you to the fresh-from-the-oven release announcement by Spencer Gibb. Instead, in this post, I want to focus on the road we have taken to reactive Spring Cloud.

We released Spring Framework 5 in September 2017. This was the first release to introduce new Reactive programming support to help build more robust, scalable services. It builds upon the Pivotal Reactor project, our reactive streams compatible reactive runtime. Spring Framework 5 also includes a ton of new features, and I won’t try to list them all, either, choosing instead to focus on reactive support here. What is reactive programming? Why does it matter? Well, it matters when you’re building networked services.

Hi Spring fans! Welcome to another wonderful and wild This Week in Spring! This week I’m in Amsterdam, NL (visiting customers); London, UK (for both the London Java Community Java User Group talk and the SpringOne Tour event); Paris, FR (for the first JHipster Conf); Krakow, PL (for Devoxx Poland) and then it’s off to Sao Paolo, BR (for the Spring Connect show). If you’re in any of those places, say hi!

• Spring Cloud Finchley.RELEASE is available. This is the big one! It’s finally here! The final piece of the reactive puzzle. This release culminates an almost year long journey from Spring Framework 5 (released in September of 2017) which introduced the world of Spring to reactive programming. Then we saw Spring Data Kay, Spring Cloud Stream, Spring Security 5, Spring Boot 2 (just a few months ago) and now, finally, Spring Cloud Finchley all embrace reactive programming wherever it makes sense. Spring Framework 5 is the new baseline and with it comes a new Java baseline requirement; Spring Cloud Finchley assumes Java 8 or better. This release is not just a refresh, though! Furthest thing from it! This release also includes two (effectively) brand new projects called Spring Cloud Function and Spring Cloud Gateway. Spring Cloud Function supports serverless programming and Spring Cloud Gateway is an API Gateway.
• Sprinf IO Platform lead Andy Wilkinson has just announced Spring IO Platform Cairo SR2
• Not one to rest on his laurels, Andy Wilkinson also just announced Spring IO Platform Brussels SR11
• Brian Clozel published the following Spring Framework-related CVEs!
• Brian Clozel has just announced Spring Boot 2.0.3
• Stéphane Nicoll has just announced Spring Boot 1.5.14
• Simon Baslé has just announced the Reactor Bismuth-SR10 release.
• Spring Session Apple SR3 Released
• Mark Paluch announced Spring Data Ingest SR13 and Spring Data Key SR8
• Spring Cloud Stream ninja Soby Chacko has some nice examples demonstrating partitioning
• Spring Cloud Stream Ditmars.SR4 Released
• Spring Security 5.0.6 and 4.2.7 Released
• Spring Cloud Pipelines 1.0.0.M8 Released
• Spring Frameworks 5.0.7 and 4.3.18 are available now
• In last week’s Spring Tips, we looked at the brand new Spring Fu project. Spring Fu is an experiment where we investigate options for a Kotlin-first and functional configuration-centric approach to microframeworks. It is also really fast. Try it out!
• Spring community legend Michael Simons has a nice post on how to use JUnit 5 with Spring Boot for unit and integration tests
• This is a wonderful post by Martin Deinum on the structure of the ApplicationContext, and how the various kinds of “configuration” are supported in Spring. This is an absolutely golden post and I’m so happy to see someone talking about these often overlooked details.
• This post by Okta Developer Advocate Matt Raible details how to secure a Spring Boot and Angular PWA application as a single artifact
• Spring Data Geode/Gemfire lead John Blum has a fantastic example of using Spring Data Geode/Gemfire to build a sample application. Check it out
• Check out the new release of the Chaos Monkey for Spring Boot. This release supports Spring Boot 2.x, improved documentation and improved JMX Actuator support.
• Check out this new cf CLI plugin to plugin to enable pushing artifacts to cloud foundry by maven coordinates
• Tricks with ‘var’ and anonymous classes (that you should never use at work) - [email protected]
• Did you miss Spring I/O 2018 in Barcelona, Spain? (If so, why?) Check out this recap post
• The Java Revisited blog has a nice post on why every developer should use Spring to build REST APIs
• I really liked this post on user impersonation with Spring Security
• Our very own Toshiaki Maki put together a really cool demo that Spring Boot 2 and iText (OpenPDF) and AbstractPdfStamperView to create a .PDF template

On behalf of the community, I am pleased to announce that the General Availability (RELEASE) of the Spring Cloud Finchley Release Train is available today. The release can be found in Maven Central. You can check out the Finchley release notes for more information.

Lifecycle Announcements for Release Train Versions

The Camden release train has reached end-of-life status. The Dalston release train will reach end-of-life status in December 2018. The Edgware release train will follow the end-of-life cycle of the Spring Boot 1.5.x line.

I am pleased to announce that Spring IO Platform Cairo-SR2 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Spring AMQP 2.0.4
• Spring Boot 2.0.3
• Spring Cloud Connectors 2.0.2
• Spring Data Kay SR8
• Spring Framework 5.0.7
• Spring Integration 5.0.6
• Spring Kafka 2.1.7
• Spring Security OAuth2 2.2.2
• Spring Security 5.0.6
• Spring Session Apple SR3

The versions of a number of third-party dependencies have also been updated.

I am pleased to announce that Spring IO Platform Brussels-SR11 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Spring AMQP 1.7.8
• Spring Boot 1.5.14
• Spring Cloud Connectors 1.2.6
• Spring Data Ingalls SR13
• Spring Framework 4.3.18
• Spring Integration 4.3.17
• Spring Security 4.2.7
• Spring Session 1.3.3

The versions of a number of third-party dependencies have also been updated.

Project Page | GitHub | Issues | Documentation

The following CVEs have been published today:

• CVE-2018-11039: Cross Site Tracing (XST) with Spring Framework
• CVE-2018-11040: JSONP enabled by default in MappingJackson2JsonView

Fixes for those vulnerabilities have been released with Spring Framework 5.0.7 & 4.3.18, Spring Boot 1.5.14 and Spring Boot 2.0.3.

Please, review the information in the CVE reports and upgrade immediately.

On behalf of the team, I am pleased to announce that Spring Boot 2.0.3 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 2.0.3 includes 99 fixes, improvements and dependency updates. Thanks to all that have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

On behalf of the team, I am pleased to announce that Spring Boot 1.5.14 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 1.5.14 includes 42 fixes, improvements and dependency updates. Thanks to all that have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

On behalf of the Reactor team, I have the pleasure of announcing a first shipment of Reactor goodness this week: Reactor Bismuth-SR10 is out 🚢

Stay tuned for a Reactor Californium milestone later this week 🕵🏻‍♂️

Reactor Bismuth-SR10

The latest maintenance BOM of the 3.1.x line, Bismuth-SR10, is out. It includes two new artifacts (click on the version numbers to see the release notes on GitHub):

• reactor-core 3.1.8.RELEASE
• reactor-netty 0.7.8.RELEASE

One update considerations though: Flux.last() used to skip throwing a NoSuchElementException on some category of empty sources (Flux or Mono that are Callable, like Flux.empty()). This is a bug and it correctly does throw now.