Last fall, a security vulnerability affecting Spring Data REST was discovered. We patched the affected modules and published a CVE. We've seen some recent news about this that's led to confusion. Here's the scoop:

tl;dr:

• There was a security vulnerability allowing arbitrary code execution in Spring Data REST up to version 2.6.8 and 3.0.0.
• This vulnerability has been fixed in the following versions:

-- Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017), included in Spring Boot 1.5.9 (Oct, 28th 2017). -- Spring Data REST 3.0.1 (Kay SR1, Oct. 27th 2017), included in Spring Boot 2.0 M6, (Nov…

On behalf of the Spring Data team I'd like to announce the eighth service release of the release train Ingalls. The release ships on top of the just released Spring Framework 4.3.12 and in preparation of the upcoming Spring Boot 1.5.8 released.

The release ships 42 (yay!) tickets fixed and is a recommended upgrade to all users of the Ingalls release train.

• Spring Data Commons 1.13.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data JPA 1.11.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data KeyValue 1.2.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Solr 2.1.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Gemfire 1.9.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Neo4j 4.2.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data MongoDB 1.10.8 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Cassandra 1.5.8 - Artifacts - JavaDocs - Documentation - …

On behalf of the Spring Data engineering team I am happy to announce the general availability of Spring Data Kay. It's the first major revision since Spring Data's inception in 2009 and thus packed with tons of features. Here are the most significant ones:

• Upgrade to Spring Framework 5.0, Java 8 and JavaEE 7 as baseline
• Revised repository APIs (better method names, Optional etc.)
• A revised repository composition model
• Support for reactive data access for Cassandra, Couchbase, MongoDB and Redis
• Addition of Spring Data Geode to the release train
• Use of nullability annotations and advanced runtime checks on those
• Kotlin support for null-safety and immutable data classes supported through Kotlin constructors
• General Java 9 compatibility
…

On behalf of the Spring Data team, I'd like to announce the availability of the second milestone of the release train Kay. The release is an important step towards a second generation of Spring Data.

We've upgraded the majority of the codebase to Java 8, now also embracing e.g. Optional in method signatures. This mostly affects internal SPIs but also leaks into user code, especially in CrudRepository. The support for reactive Spring Data repositories has been extended to Couchbase (Thanks, Subhashni!), the Redis module has a reactive template API now. The release also ships support for IsEmpty and IsNotEmpty for derived queries and implementaitons of those for MongoDB and JPA. The aggregation framework in MongoDB now also supports…

On behalf of the entire team, I'd like to announce the availability of Ingalls SR1 and Hopper SR8 service releases. Both of them ship 77 issues fixed in total. As usual, service releases are bugfix ones and recommended upgrades for all users. The releases are going to be picked up by the upcoming Boot 1.5 and 1.4 services releases for your convenience.

The complete list of issues fixed for Ingalls SR1 can be found here, the one for Hopper SR 8 here.

Spring Data Ingalls SR1

• Spring Data Commons 1.13.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data JPA 1.11.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data KeyValue 1.2.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Cassandra 1.5.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Solr 2.1.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Gemfire 1.9.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Neo4j 4.2.1 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data MongoDB 1.10.1 - Artifacts - JavaDocs - Documentation - …

In preparation of the upcoming Spring Boot 1.4.4 release, I am pleased to announce the availability of the seventh service release of Spring Data release train Hopper. The release ships 39 tickets fixed and is a recommended upgrade for all users.

• Spring Data Commons 1.12.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data JPA 1.10.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data KeyValue 1.1.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Cassandra 1.4.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Solr 2.0.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Gemfire 1.8.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Neo4j 4.1.7 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data MongoDB 1.9.7 - Artifacts - JavaDocs - Documentation - …

On behalf of the Spring Data team I'd like to announce the general availability of our Ingalls release train. After nine months of development, this release not only contains a huge set of new features, improvements and bug fixes, it also marks the conclusion of a branch of Spring Data that has helped developers dealing with persistence for more than 5 years --- even 8, if you count in some module's predecessors.

The release ships more than 630 tickets fixed in total. Here's a very truncated list of the most important features shipping with the release:

• Upgrade to Spring 4.3 as Spring Framework baseline.
• Add Spring Data LDAP (the Spring Data related bits of Spring LDAP) to the release train.
• Elevate Spring Data for Apache Cassandra to a Core module, give it a complete overhaul and upgrade it to Cassandra 3. User defined types, support for Java 8 Stream and Optional etc.
• Performance improvements in object-to-store mapping by avoiding reflection in favor of ASM generated code using method handles.
• More aggregation framework for MongoDB.
• Improved stream execution verification in JPA (reports a missing surrounding transaction).
• …

On behalf of the Spring Data team I'd like to announce the first (and final) release candidate of Spring Data train Ingalls. The release ships over 310 issues fixed (some of them previously released with Hopper service releases). The most important new features are:

• Upgrade to Spring 4.3(.5) as baseline - #294.
• Support to easily expose domain events as Spring application events from aggregate roots - DATACMNS-928.
• Support for exists projection from derived query methods - DATACMNS-875.
• Support for Javaslang's Option, collection and map types on repository query methods - DATACMNS-937, DATACMNS-940.
• Added Spring Data LDAP module taking over the repository implementation of Spring LDAP.
• Support for MongoDB aggregation operators added in latest releases - DATAMONGO-1536.
• Stream execution now rejects invocation without surrounding transaction in JPA - DATAJPA-1023…

On behalf of the Spring Data team, I’d like to announce the first milestone of the Kay release train. This is a special release train as it's going to ship a new generation of Spring Data that will include a couple of breaking changes going forward.

Infrastructure upgrades

The first and most noticeable change is the upgrade to Java 8 as a minimum baseline (no JDK 6 compatibility anymore) and an upgrade to Spring 5 as framework foundation. In subsequent milestones we're going to ship some significant internal rewrites that will also affect user facing API to make use of the new language…

On behalf of the Spring Data team I am happy to announce the fifth service release of Spring Data Hopper. It contains variety of bug fixes and is a recommended upgrade for all users of this or any previous release train. The overall list of fixed tickets can be found here.

• Spring Data Commons 1.12.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data JPA 1.10.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data KeyValue 1.1.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Cassandra 1.4.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Solr 2.0.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Gemfire 1.8.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Neo4j 4.1.5 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data MongoDB 1.9.5 - Artifacts - JavaDocs - Documentation - …