close
Newest Post

Spring Tips: Learn Spring for GraphQL (the last two episodes: parts 7 and 8)

Read more

Spring Boot 2.7.1 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.7.1 has been released and is now available from Maven Central.

This release includes 66 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

Spring Boot 2.6.9 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.6.9 has been released and is now available from Maven Central.

This release includes 44 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

This Week in Spring - June 21st, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you? It’s been a hot minute since we last chatted. I was in Germany this time last week. Now, I’m back in beautiful San Francisco. Today the weather will climb to a monumental 84 F! That’s very unusual, for any time of the year, here in San Francisco. Most places here in San Francisco don’t have air conditioning. Some have heating. I bought a brand new condo in 2014 and it didn’t have air conditioning. You just open the window. I am privileged enough that I have air conditioning today, of course. I mention all this to say that it’s hot here! I worry for the elderly! When it gets this hot, the YMCA and other organizations typically invite elderly people to come in and get some cool air and water. It’s dangerous. Some days it gets even hotter. Very rare, but it does happen. I hope you’re all doing well. Take care of yourselves and each other, my friends.

Read more

Spring Authorization Server 0.3.1 available now

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.3.1.

You can download it from Maven Central by using the module coordinates:

implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.3.1'

See the release notes for complete details.

This release includes downgrading to JDK 1.8 baseline along with some minor enhancements and bug fixes.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Read more

Spring Data 2021.2.1 and 2021.1.5 released

On behalf of the team, I’m pleased to announce Spring Data service releases 2021.2.1 and 2021.1.5.
Both releases ship with a fix for mostly bug fixes and dependency upgrades.
For your convenience, Spring Boot 2.7.1 respective 2.6.9 are going to pick up these releases in the upcoming days.

In addition, these releases include fixes for one vulnerability:

  • CVE-2022-22980
    “Spring Data MongoDB SpEL Expression Injection Vulnerability”
    SpEL injection attack in MongoDB applications through repository query methods annotated with @Query or @Aggregation using parametrized SpEL statements with non-sanitized input.
    Severity: High
Read more

Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Updates

  • [06-20] CVE-2022-22980 is published
  • [06-20] Spring Data MongoDB 3.4.1 and 3.3.5 are available

Table of Contents

Overview

We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the following CVE report:

This vulnerability was responsibly reported by Zewei Zhang from NSFOCUS TIANJI Lab on Monday, June 13 2022. The full report will be published to MITRE and as security advisory under tanzu.vmware.com/security in the upcoming days.

Read more

Spring Tools 4.15.1 released

Dear Spring Community,

I am happy to announce the 4.15.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

fixes and improvements

  • (Spring Boot) fixed: VScode incorrectly suggests removing @Autowired annotation from methods (#787)
  • (Spring Boot) fixed: VScode quick fix should not suggest removing @Autowired annotation from JUnit tests (#786)
  • (Eclipse) fixed: Not able to extract the new version of spring-tool-suite-4-4.15.0.RELEASE-e4.24.0-win32.win32.x86_64.self-extracting.jar on windows 11 (#788)
  • (Eclipse) fixed: Cannot open Spring Boot Language Server Java Editor settings menu (#789)
Read more