The Spring Blog

News and Events

Spring Cloud Data Flow for Mesos 1.0 RC2 released

We are pleased to announce the 1.0.0.RC2 release candidate of Spring Cloud Data Flow for Mesos, a team effort that encompasses many new features under the hood.

This release candidate builds upon the recent 1.0 GA release of Spring Cloud Data Flow. Some highlights include:

  • We now run the Spring Cloud Data Flow Server as a Docker image on Marathon, a container orchestration platform for Mesos.
  • This release adds features to support stream partitioning and scaling
    • Currently partitioning and scaling of sinks and processors are handled by using multiple application deployments, one for each app instance, identified by an index appended to the name.

    • Scaling of sources is handled by using additional application instances.
  • Streams are now deployed using Marathon Application Groups so it is easier to identify the different apps making up a stream.
  • We have added support for launching tasks using Chronos, a fault tolerant job scheduler for Mesos.

Spring Cloud Stream Brooklyn.M1 is available

On behalf of the team, I am pleased to announce the release of the first milestone of the Spring Cloud Stream Brooklyn release train. Spring Cloud Stream Brooklyn.M1 is available for use in the Spring Milestone repository, a detailed description of its features can be found in the reference documentation. Release notes are available here and include important information on the migration path.

From a Monolith to a Release Train

Spring Cloud Stream Brooklyn.M1 succeeds Spring Cloud Stream 1.0. The change in the naming scheme reflects the project’s structural changes, in particular switching from a monolithic structure, where the core components and the binder implementations are contained together, to a more decentralized one. In the new structure, the core and binder implementations are separate projects, with their own release cadence. A release train BOM aggregates the release components together and manages their versions.


Spring Cloud Data Flow for Cloud Foundry goes 1.0 GA

We are pleased to announce the general availability of Spring Cloud Data Flow for Cloud Foundry version 1.0.0.RELEASE.

Spring Cloud Data Flow for Cloud Foundry provides support for orchestrating long-running (streaming) and short-lived (task/batch) data microservices on Cloud Foundry runtime.

As the successor to Spring XD, this project benefits from a much more decoupled architecture, leveraging the Spring Cloud Deployer for Cloud Foundry library, which also goes GA today. More details about Spring Cloud Data Flow’s architecture and its ecosystem can be found in this blog.


Check your Spring Security SAML config - XXE security issue

It was brought to our attention that the spring-security-saml sample application contained an XML External Entity (XXE) vulnerability. This meant that a malicious user could view any file that the Spring Application’s process had access to.

The issue was a direct result of OpenSAML Java ParserPool and Decrypter Vulnerable To XML Attacks. The default behavior of the ParserPool implementations is fixed in OpenSAML 2.6.1+ (which Spring Security SAML uses). However, the vulnerability is still possible if users construct their own ParserPool without the proper settings.


Spring Cloud Data Flow for Cloud Foundry 1.0.0.RC1 now available

We are pleased to announce the 1.0.0.RC1 release of Spring Cloud Data Flow for Cloud Foundry.

As we near completion towards a GA release in the upcoming days, this milestone brings the following improvements:

  • Builds upon the 1.0.0.RC1 release of Spring Cloud Deployer Cloud Foundry, which itself builds upon Project Reactor 3.0.0.RELEASE and of CF-Java-Client 2.0.0.RELEASE

  • Adds the ability to orchestrate short-lived tasks including Spring Batch Jobs in Cloud Foundry, which can be enabled as an experimental feature toggle

  • Adds support for command line arguments as a separate set of properties to be passed to a Task when it’s launched

  • Adds support to separate stream and task specific service bindings. This allows pinning stream and tasks specific services to stream and task applications respectively

  • Adds the ability to override the buildpack used on a per-app deployment basis

  • Significant improvements to the Spring Cloud Deployer Cloud Foundry TCK test coverage allowed refinements in app-state calculation

  • Adds documentation about rolling upgrades and how to integrate with Spring Cloud Config Server "service" in Pivotal Cloud Foundry


Spring Security 4.1.3 Released

I’m pleased to announce the release of Spring Security 4.1.3.RELEASE which updates libraries & resolves some minor issues including fixes for the new MvcRequestMatcher.

For details refer to the changelog.


Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback.

Feedback Please

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe @joe_grandja on Twitter.


Spring Cloud Brixton.SR5 is available

On behalf of the team, I am pleased to announce that Service Release 5 of the Spring Cloud Brixton Release Train is available today. The release can be found in our Spring Release repository and Maven Central.

This release includes primarily bug fixes.

This release also deprecates Spring Cloud Cluster in favor of Spring Integration.

The following modules were updated as part of Brixton.SR5:


Spring for Apache Kafka 1.1.0 Milestone 1 Available

I am pleased to announce that the Spring for Apache Kafka 1.1.0.M1 milestone release is available now.

As usual, thanks to the community for any feedback and contribution as always!

Highlights of this release:

  • Support for the 0.10.x.x client (use 1.0.x for the 0.9.x.x client)

  • Support for listeners that receive the entire batch of messages returned by the consumer.poll() operation

  • Support for null payloads - used to delete keys when using log compaction

  • Allow setting the initial offset to be relative to the current offset


This Week in Spring - August 23, 2016

Welcome to another installation of This Week in Spring! This week I’m in NYC (for the NYC Java SIG), Austin and San Francisco (for the Silicon Valley Spring User Group) talking to customers and doing meetups! We’ve got a lot to cover, as usual, so let’s get to it!


Spring Cloud Spinnaker 1.0.0.M1

Greetings Spring community,

I am happy to release the first milestone for Spring Cloud Spinnaker. Spring Cloud Spinnaker bundles up the continuous delivery Spinnaker platform, and provides a 1-click installer to let you install it to any certified Cloud Foundry provider.

At this year’s SpringOne Platform 2016 conference, there were two talks about Spinnaker. If you have early release access and missed them, you can watch right now. Otherwise you can catch them on the SpringDeveloper YouTube Channel once they are published.