On behalf of the team, I’m pleased to announce the availability of the 2022.0.1 and 2021.2.7 service releases. Those releases ship with mostly bug fixes and dependency upgrades.

For your convenience, the next Spring Boot releases will pick up 2022.0.1 and 2021.2.7 in the upcoming days. To round things off, here are the links to the individual modules, changelogs, and documentation:

2022.0.1

• Spring Data Commons 3.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data JPA 3.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.0.1 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data REST 4.0.1 - Artifacts - Javadoc - Documentation - …

On behalf of the team, it is my very great pleasure to announce that Spring Vault 3.0 is now generally available, and 3.0.0 can be found in Maven Central.

This release ships with several refinements and new features. Highlights of the new release include:

• A Java 17 baseline

• Support additional HTTP Clients, including the reactive JDK HTTP Client

• Support for Vault Repositories using versioned Key/Value secrets engines

There are far too many features to list them all here in detail, so head over to the release notes page in our wiki to find out more.

Thanks to everyone who has contributed…

On behalf of the Spring Data engineering team and everyone who contributed to this release, I am pleased to announce the general availability of Spring Data 2022.0 (Codename: Turing) from Maven Central! It is the third major revision since Spring Data's inception in 2009 to serve you as your framework for modern-day data applications.

Spring Data 2022.0 builds on top of the just-released Spring Framework 6.0 with a Java 17+ baseline. Modules leveraging Jakarta EE technologies, such as Spring Data JPA and Spring Data REST, have been upgraded to Jakarta EE 9+, moving to the jakarta namespace…

On behalf of the team, I’m pleased to announce the availability of Spring Data 2021.2.6 and 2021.1.10 releases. The service releases ship with mostly bug fixes and dependency upgrades.

For your convenience, the next Spring Boot releases are going to pick up 2021.2.6 and 2021.1.10 in the upcoming days. To round things off, here are the links to the individual modules, changelogs, and documentation:

2021.2.6

• Spring Data Commons 2.7.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data JDBC 2.4.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data JPA 2.7.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data Neo4j 6.3.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data MongoDB 3.4.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data KeyValue 2.7.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 3.4.6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data R2DBC 1.5.6 - Artifacts - Javadoc - Documentation - …

On behalf of the team, I’m pleased to announce the second Spring Data release candidate 2022.0.0-RC2. This release candidate ships with numerous fixes and a refined observability integration through Micrometer for MongoDB, Redis, and Apache Cassandra modules.

For your convenience, Spring Boot 3.0.0-RC2 is going to pick up this release in the upcoming days.

You can find the full release notes in the wiki. We continue looking for feedback to incorporate any last minute changes in our upcoming 2022.0.0 GA release later this month.

Finally, here are the links to the documentation of each…

Dear Spring community,

On behalf of the Spring Data team and everyone who contributed, it is my pleasure to announce that Spring Data 2022.0.0 has entered its release candidate phase by releasing RC1 today. It is available from the milestone repository. This release ships with several tickets fixed. Along with the release candidate, we shipped 2021.2.5 and 2021.1.8 service releases, to be picked up by corresponding Spring Boot releases.

The release candidate ships with a revised module structure, specifically Spring Data for Apache Geode is no longer part of the release train. Expect a blog…

Project Loom has made it into the JDK through JEP 425. It’s available since Java 19 in September 2022 as a preview feature. Its goal is to dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications.

Where Virtual Threads make sense

This makes lightweight Virtual Threads an exciting approach for application developers and the Spring Framework. Past years indicated a trend towards applications that communicate over the network with each other. Many applications make use of data stores, message brokers, and remote services. I/O-intensive applications are the primary ones that benefit from Virtual Threads if they were built to use blocking I/O facilities such as InputStream and synchronous HTTP, database, and message broker clients. Running such workloads on Virtual Threads…

On behalf of the team, I’m pleased to announce the 6th Milestone of Spring Data 2022.0.0 and service releases 2021.2.3 and 2021.1.7. The service releases ship with mostly bug fixes and dependency upgrades.

The releases include a fix for CVE detected in Spring Data REST. Be sure to update as soon as possible and check out details here.

For your convenience, the next Spring Boot releases will pick up 2021.2.3 and 2021.1.7 in the upcoming days. To round things off, here are the links to the individual modules, changelogs, and documentation:

2022.0.0-M6

• Spring Data Commons 3.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data JPA 3.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data for Apache Geode 3.0 M6 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.0 M6 - Artifacts - Javadoc - Documentation - …

Updates

• [06-20] CVE-2022-22980 is published
• [06-20] Spring Data MongoDB 3.4.1 and 3.3.5 are available

Table of Contents

• Overview
• Vulnerability
• Am I Impacted
• Status
• Suggested Workarounds

Overview

We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the following CVE report:

• CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods

This vulnerability was responsibly reported by Zewei Zhang from NSFOCUS TIANJI Lab on Monday, June 13 2022. The full report will be published to MITRE and as security advisory under tanzu.vmware.com/security…

On behalf of the team, I’m pleased to announce Spring Data service releases 2021.2.1 and 2021.1.5. Both releases ship with a fix for mostly bug fixes and dependency upgrades. For your convenience, Spring Boot 2.7.1 respective 2.6.9 are going to pick up these releases in the upcoming days.

In addition, these releases include fixes for one vulnerability:

• CVE-2022-22980 "Spring Data MongoDB SpEL Expression Injection Vulnerability"

SpEL injection attack in MongoDB applications through repository query methods annotated with @Query or @Aggregation using parametrized SpEL statements with non-sanitized input. Severity: …