The Spring Blog

Engineering
Releases
News and Events

This Week in Spring - October 16th, 2018

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I’m in Toronto, Canada, where I’ve been speaking to customers and at a meetup, then it’s off to St. Petersburg, Russia for the epic Joker conf 2018. As usual, we’ve got a ton to cover so let’s get to it!

Read more...

Spring Project Vulnerability Reports Published

The following CVEs have been published today:

  1. CVE-2018-15756 for Spring Framework 5.1.1, 5.0.10, and 4.3.20.
  2. CVE-2018-15758 for Spring Security OAuth 2.3.4, 2.2.3, 2.1.3, and 2.0.16.

Please, review the information, including affected project versions, in the CVE reports and upgrade immediately.

Spring Boot Users:
Spring Boot 2.0.6 and 1.5.17, released earlier today, contain the fixes for the above vulnerabilities.

Read more...

Spring Boot 2.0.6

On behalf of the team and everyone that contributed, it is my pleasure to announce that Spring Boot 2.0.6 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 2.0.6 includes 97 fixes, improvements, and dependency updates as well as a Spring Framework CVE report. Thanks to all that have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more...

Spring Security 5.1.1, 5.0.9, and 4.2.9 Released

On behalf of the community, I am pleased to announce that Spring Security 5.1.1 (changelog) Spring Security 5.0.9 (changelog) and 4.2.9 (changelog) have been released. The releases primarily deliver bug fixes and dependency version updates along with some minor improvements. The releases will be found in the upcoming Spring Boot maintenance releases coming this week.

Read more...

Spring Boot 1.5.17

On behalf of the team and everyone that contributed, I am pleased to announce that Spring Boot 1.5.17 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 1.5.17 includes 19 fixes, improvements, and dependency updates as well as 2 CVE reports. Thanks to all that have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more...

Spring Noticias en Español, 16 de octubre 2018

SNES logo

Bienvenidos a todos a la segunda edición de Spring Noticias en Español!!

Como siempre, envíame noticias de tus logros en @mkheck en Twitter, [email protected], o [email protected] y los compartiré con la comunidad.

Para esta edición, aquí tienes unos artículos muy interesantes:

Read more...

Spring Data Lovelace SR1, Kay SR11, and Ingalls SR16 released

On behalf of the Spring Data team, I’d like to announce the availability of the Lovelace SR1, Kay SR11, and Ingalls SR16 maintenance releases. All of these releases pick up the latest Spring Framework maintenance releases: 5.1.1, 5.0.10, and 4.3.20, respectively. Spring Boot is going to pick up Kay SR11 and Ingalls SR16 for easier consumption with its Spring Boot releases 2.0.6 1.5.17 releases, respectively.

The service releases ship with mostly bug fixes and a few dependency upgrades and with over 70 issues fixed in total. You can find the complete list of issues by following the links below:

Read more...

Spring Framework 5.1.1, 5.0.10 and 4.3.20 available now

On behalf of the team, I am pleased to announce that Spring Framework 5.1.1, 5.0.10 and 4.3.20 are available now.

The first maintenance release of the 5.1 line includes over 30 fixes and improvements. Spring Framework 5.0.10 also includes a wide range of 20 fixes and improvements while Spring Framework 4.3.20 is a rather minimal patch release.

The first release candidate of Spring Boot 2.1, based on Spring Framework 5.1.1, is around the corner! We’ll also follow up with corresponding Spring Boot 2.0.6 and 1.5.17 releases later this week.

Read more...