The Spring Blog

This Week in Spring - April 10th, 2018

Hi Spring fans! This week I’m in Atlanta, Indianapolis and Cincinnati! I’ll be speaking at the Atlanta, GA Spring Meetup on Tuesday the 10th where I’ll be looking at all things new, bootiful and cloud-native including reactive programming, Spring WebFlux, Spring Cloud Finchley, Spring Cloud Function and Project Riff. Then it’s off to Indianapolis where I’ll be doing the same talk on Thursday the 12th.

What a crazy week it’s been! There’s so much to get to this week. I want to call out, first, that there are some CVEs out there and if you haven’t already, you should be updating urgently and accordingly. Read on for more information.

Announcing General Availability of Spring Cloud Stream - Elmhurst.RELEASE (2.0.0.RELEASE)

After a long and exciting journey, we are pleased to announce the General Availability release of the Spring Cloud Stream Elmhurst release train - Elmhurst.RELEASE/2.0.0.RELEASE.

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-stream-dependencies</artifactId>
            <version>Elmhurst.RELEASE</version>
            <type>pom</type>
            <scope>import</scope>
        </dependency>
    </dependencies>
</dependencyManagement>

Spring Boot 1.5.12 available now

CVE-2018-1270 reported last week was unfortunately not fully addressed in the 4.3.x branch of the Spring Framework. Spring Framework 4.3.16 has been released today, so we’ve decided to also release Spring Boot 1.5.12 to help people upgrade easily.

This release includes just 3 fixed issues, but should be considered a priority upgrade for all existing Spring Boot 1.5 users.

Spring Boot 2.0 users are not affected and should use the existing 2.0.1 release.

Spring IO Platform Cairo-RELEASE

It’s my pleasure to announce that Spring IO Platform Cairo-RELEASE is now available from the Spring release repository and Maven Central. The Cairo generation of the Platform builds on top of Spring Framework 5.0 and Spring Boot 2.0 and requires Java 8.

What has changed

Cairo upgrades the versions of a number of projects:

  • Reactor Bismuth
  • Spring AMQP 2.0
  • Spring Batch 4.0
  • Spring Boot 2.0
  • Spring Cloud Connectors 2.0
  • Spring Data Kay
  • Spring Framework 5.0
  • Spring Integration 5.0
  • Spring Kafka 2.1
  • Spring REST Docs 2.0
  • Spring Security 5.0
  • Spring Security OAuth 2.2
  • Spring Session 2.0
  • Spring Web Flow 2.5
  • Spring Web Services 3.0

Spring IO Platform end-of-life announcement

Maintenance of the Spring IO Platform will end twelve months from today, on 9 April 2019, and the project will be moved to the attic. Maintenance releases of both the Brussels and Cairo lines will continue to be published up until that time.

When the Platform was first introduced almost four years ago it provided dependency management for a number of projects that were not managed by Spring Boot. In recent releases that number has decreased and would have continued to do so in the future as the Spring portfolio continues to evolve.

Spring IO Platform Brussels SR8

I am pleased to announce that Spring IO Platform Brussels-SR8 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

  • Spring AMQP 1.7.7
  • Spring Batch 3.0.9
  • Spring Boot 1.5.11
  • Spring Data Ingalls SR11
  • Spring Framework 4.3.15
  • Spring Integration 4.3.15
  • Spring Kafka 1.1.8
  • Spring Security 4.2.5
  • Spring Session 1.3.2
  • Spring Social 1.1.6

The versions of a number of third-party dependencies have also been updated.

Multiple CVE reports published for the Spring Framework

UPDATE 2018-04-09: see follow-up announcement for 4.3.x branch.

Spring Framework 5.0.5 and 4.3.15 (superseded by 4.3.16 with CVE-2018-1275), released earlier this week, include fixes for the following vulnerabilities:

Spring Boot 2.0.1 and 1.5.11 (superseded by 1.5.12 with CVE-2018-1275), that match the above Spring Framework versions, were released today, and are now also available for use.

Please review the information in the CVE reports and upgrade immediately.
