The Spring Blog

Engineering
Releases
News and Events

Spring Cloud Data Flow 2.1.0.M1 released

The Spring Cloud Data Flow team is pleased to announce the release of a 2.1.0 M1 milestone-release. Follow the Getting Started guides for running on Local, Cloud Foundry, and Kubernetes.

What’s new?

SCDF Helm Chart and Apache Kafka

With continued interest from the community, as of v2.0.2, we have now added support to toggle between RabbitMQ and Apache Kafka when using SCDF’s helm chart. Though the chart is in the PR status in Helm repository, you could still try it out and give us feedback.

Docker Compose and Apache Kafka

Read more...

Spring Tools 4.2.1 released

Dear Spring Community,

I am happy to announce the 4.2.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Atom.

Highlights from this release include:

  • (Spring Boot) performance: additional performance and memory footprint improvements to symbol indexing, now eats less memory and is faster while doing the initial indexing run
  • (Spring Boot) new: content-assist for bean types in Spring XML config files
  • (Spring Boot) new: content-assist for property names in Spring XML config files
  • (Spring Boot) new: content-assist for bean references in property definitions in Spring XML config files (very rough early cut, needs a lot more work on proposal content, number of proposals, and sorting)
  • (Eclipse) fixed: empty property values in custom properties not set when launching boot apps (#275)
  • (Eclipse) fixed: content-assist doesn’t activate (restart) old language servers anymore
Read more...

CVE-2019-3799: Spring Cloud Config 2.1.2, 2.0.4, 1.4.6 Released

We have released Spring Cloud Config 2.1.2, 2.0.4, and 1.4.6 to address CVE-2019-3799: Directory Traversal with spring-cloud-config-server. Please review the information in the CVE report and upgrade immediately.

These fixes will be included in the next release of the respective Spring Cloud release train.

NOTE: To override the version in Maven, update the dependency to include the version, such as:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-config-server</artifactId>
	<version>2.1.2.RELEASE</version>
</dependency>
Read more...

Spring Cloud Task 2.2.0.M1 is now available

We are pleased to announce that Spring Cloud Task 2.2.0.M1 is now available on Github and the Pivotal download repository. Many thanks to all of those who contributed to this release.

What’s New?

Spring Cloud Task 2.2.0.M1 is intended to be the version of the framework aligned with Spring Boot 2.2.0. Updates from 2.0.x include:

  • Update all dependencies.
  • Spring Cloud Task compiles and runs on Java 8, 9, 10, 11, 12.
  • Spring Cloud Task Reference documentation has been modernized.
  • Bug Fixes

What Else Is Going On?

Read more...

Flight of the Flux 2 - Debugging Caveats

This blog post is the second in a series of posts that aim at providing a deeper look into Reactor’s more advanced concepts and inner workings.

It is derived from my Flight of the Flux talk, which content I found to be more adapted to a blog post format.

I’ll update the table below with links when the other posts are published, but here is the planned content:

  1. Assembly vs Subscription
  2. Debugging caveats (this post)
  3. Concurrent Agnostic
  4. Schedulers and publishOn vs subscribeOn
  5. Inner workings: work stealing
  6. Inner workings: operator fusion
Read more...

Introducing Spring Cloud Circuit Breaker

Background

When using a microservices architecture to build our applications, it is very common to end up with a pretty complex dependency tree amongst services. If the service down the dependency tree encounters an issue that causes it to start to respond slowly, it ends up causing a set of issues that cascade up the dependency tree. As more and more requests come in to the application, more and more resources may be consumed by waiting for the slow service to respond. Even worse, the additional load being put on the slow service may exacerbate the problem. To help alleviate the effect of these types of cascading failures, it is common practice to use circuit breakers as part of microservice applications.

Read more...

Spring Security 5.2.0.M2 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M2! This release includes 100+ updates. You can find the highlights below:

OAuth 2.0

gh-6446 - Client Support for PKCE

PKCE isn’t just for native or browser-based apps, but for any time we want to have a public client. Spring Security 5.2 introduces a secure way for backends to authenticate as public clients.

gh-5350 - OpenID Connect RP-Initiated Logout
gh-5465 - Ability to use symmetric keys with JwtDecoder
gh-5397 - Ability for NimbusReactiveJwtDecoder to take a custom processor
gh-6513 & gh-5200 - Support for Resource Server Token Introspection

Resource Server now supports a second OAuth 2.0 token verification strategy: Token Introspection. This is handy when a Resource Server wants to or must verify the token remotely.

gh-5351 - Support for Resource Server Multi-tenancy (Servlet only)

With the introduction of AuthenticationManagerResolver, initial support for multi-tenant Resource Servers has arrived.

Read more...

Spring Boot 2.2 M2

On behalf of the team and everyone that contributed, I am pleased to announce that the second milestone of Spring Boot 2.2 has been released and is available from our milestone repository. This release closes almost 100 issues and pull requests.

Highlights of this milestone include:

  • Spring Framework 5.2.0.M1
  • @ConfigurationProperties scanning
  • Immutable @ConfigurationProperties binding
  • Initial RSocket Server Support
  • Lazy Initialization and performance improvements

For a complete list of changes and upgrade instructions, please see the Spring Boot 2.2 Release Notes on the wiki and the updated reference documentation.

Read more...

This Week in Spring - April 16th, 2019

Hi Spring fans! What a week it’s been! When we last spoke I was in Capetown, South Africa or Johannesburg, South Africa. I’ve since been to Mauritius, back to Capetown, Serbia (for the amazing ITKonekt conference) and I’m now staring at the beautiful Bund river in beautiful Shanghai, China as I write this.

We’ve got a ton to get to this week, as usual, so let’s get to it.

Read more...