The Spring Blog

Just starting your dev career? Check out this last report on the JVM ecosystem. Simon Maple, Andrew Binstock, and many others have done developers of all skill levels a great service with this data.

<@snyksec>Mirror mirror on the wall, which is the most popular Java web framework of them all?

<Mirror> We live in a Spring-world. In fact, the average application is more likely to use Spring than not! 54% of apps use Spring Boot/Spring MVC/JHipster.https://t.co/2dkjt6xauK pic.twitter.com/KcMYWew6Jk

— Simon Maple (@sjmaple) October 19, 2018

I am pleased to announce that Spring IO Platform Cairo-SR5 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Reactor Bismuth-SR12
• Spring AMQP 2.0.8
• Spring Boot 2.0.6
• Spring Data Kay SR11
• Spring Framework 5.0.10
• Spring Integration 5.0.9
• Spring Security 5.0.9
• Spring Security OAuth 2.2.3
• Spring Session Apple SR6
• Spring Web Flow 2.5.1
• Spring Web Services 3.0.4

The versions of a number of third-party dependencies have also been updated.

I am pleased to announce that Spring IO Platform Brussels-SR14 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Spring AMQP 1.7.11
• Spring Boot 1.5.17
• Spring Data Ingalls SR16
• Spring Framework 4.3.20
• Spring Security 4.2.9
• Spring Security OAuth 2.0.16
• Spring Web Flow 2.4.8
• Spring Web Services 2.4.3

The versions of a number of third-party dependencies have also been updated.

Project Page | GitHub | Issues | Documentation

On behalf of the community, I am pleased to announce that the Service Release 5 (SR5) of the Spring Cloud Edgware Release Train is available today. You can find the release in Maven Central. You can also check out the Edgware release notes for more information.

Notable Changes in the Edgware Release Train

Spring Cloud Commons

• Bug fixes

Spring Cloud Config

• Documentation and Bug fixes

Spring Cloud Contract

• Bug fixes

Via #707 we’ve a test listener that handles issues with closing and starting WireMock servers. Thanks to this change you no longer need to set the @DirtiesContext on your tests if you want to reuse the same ports for your stubs.

On behalf of the team, it is my pleasure to announce that Spring Boot 2.1.0.RC1 has been released and is now available from our milestone repository.

This release closes over 100 issues and pull requests, and is our first release candidate. At this point we’re not anticipating that any major API changes or new features will be added before our final 2.1 GA release.

We’ve refined a number of items from previous milestone, and provide a number of notable new features including:

• Auto-configuration for additional Micrometer registries: AppOptics, Humio and KairosDB
• Support for Jersey metrics (Thread pool and HTTP request)
• Integration with Hibernate’s BeanContainer API

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I’m in Toronto, Canada, where I’ve been speaking to customers and at a meetup, then it’s off to St. Petersburg, Russia for the epic Joker conf 2018. As usual, we’ve got a ton to cover so let’s get to it!

• Check out this new version of the legendary Spring Petclinic, based on the new Spring Data JDBC
• Spring Security OAuth 2.3.4, 2.2.3, 2.1.3, 2.0.16 Released
• Rossen Stoyanchev has just announced the publication, and resolution for, two CVEs affecting Spring - READ THIS!
• Spring Boot 2.0.6
• Spring Session Apple SR6 Released
• Spring Security 5.1.1, 5.0.9, and 4.2.9 Released
• Spring Boot 1.5.17
• Some nice posts here for the Spanish-language readers
• Spring Data Lovelace SR1, Kay SR11, and Ingalls SR16 released
• Spring Framework 5.1.1, 5.0.10 and 4.3.20 available now
• Juergen Hoeller, Pivotal—Current and Future State of Java, SpringOne Platform 2018
• Nice whitepaper by Uli Homann, Distinguished Architect, Microsoft and Josh McKenty, Vice President & Field CTO, Pivotal on cloud flexibility
• https://twitter.com/springframework/status/1052293878559244288
• Jakub Pilimon put together a nice look at how Spring supports CQRS
• Wow! The Spring Boot project has almost 500 contributors!
• I love Richard Seroter’s recent series on all the things you may not have been aware that Cloud Foundry could run
• Thymeleaf Spring Security integration 3.0.3 (with Spring Security 5 + WebFlux support)
• Are you interested in presenting? Bruno Souza, a legend in his own right, and I had a discussion on how to help people present. It’s a bit meta. I hope it’s useful. I would love to be made irrelevant :) The more people out there helping disseminate good, sound technology practice, the better! Want to give a talk? Do it! You know I’m always happy to support such initiatives, right? My DM’s are open!
• Want to build upon the stack being used to power one of the largest e-commerce engines on the planet, Alibaba? They’re using Spring Cloud! They’ve even adapted and open-sourced their proprietary infrastructure into a project called Nacos, which they introduce here
• There’s also some really compelling new stuff in store for Flyway in the new Spring Boot! Check it out!
• Whew! Some good stuff coming to Spring Cloud Contract via this massive PR to Rest Assured submitted by the Spring Cloud Contract ninja Olga Maciaszek-Sharma
• Nice Spanish-language post on building CRUD and REST applications with Kotlin and Spring Boot
• I did an interview that has been translated into Russian - check it out!
• There is a ton of Spring-related content to come out of this Microsoft Ignite 2018 event - check it out!
• The Livelessons videos that Spring Security lead Rob Winch and I put together are coming soon! Check this page on Oct 25, 2018.
• Christoph Nahr has put together a nice post that, while not strictly speaking about Spring, will certainly serve the Spring user quite well: it looks at what’s been removed in Java 11 (which, of course, you are already using, right?)
• The Okta Developer blog features a new post on build a mobile app with React Native and Spring Boot - check it out!
• This isn’t, strictly speaking, a Spring related post but it’s interesting: how to build Java runtime for non-modular applications using jlink in Java 9+.
• This post - on projections with Spring Data JPA - is quite handy / thoughtful. Check it out!
• Want to learn about reactive programming? Check out the code and slides to Rob Winch’s epic Intro to Reactive Programming

The following CVEs have been published today:

1. CVE-2018-15756 for Spring Framework 5.1.1, 5.0.10, and 4.3.20.
2. CVE-2018-15758 for Spring Security OAuth 2.3.4, 2.2.3, 2.1.3, and 2.0.16.

Please, review the information, including affected project versions, in the CVE reports and upgrade immediately.

Spring Boot Users:
Spring Boot 2.0.6 and 1.5.17, released earlier today, contain the fixes for the above vulnerabilities.

On behalf of the team and everyone that contributed, it is my pleasure to announce that Spring Boot 2.0.6 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 2.0.6 includes 97 fixes, improvements, and dependency updates as well as a Spring Framework CVE report. Thanks to all that have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.