Spring Framework Releases Fixes for CVE-2024-38816
The Spring Framework has released version 6.1.13 that contains a fix for CVE-2024-38816: Path traversal vulnerability in functional web frameworks.
Note that open source support for the Spring Framework 5.3.x and 6.0.x generations ended last month, as announced previously. As a result, this fix has been applied to the 5.3.40 and 6.0.24 commercial releases, available now.
If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.
Upgrading Your Project
Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.22.1, 3.0.17.1, and 3.1.13.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…
Spring Framework 5.3.40 and 6.0.24 available now
On behalf of the team, I am pleased to announce that Spring Framework 5.3.40 and 6.0.24 have been released for support customers. The releases are available from https://packages.broadcom.com.
These are out-of-cycle releases that address CVE-2024-38816; we will resume our usual 3-month cadence for 5.3.x and 6.0.x commercial releases.
Spring Framework 6.2.0-RC1 available now
We are happy to announce the availability of the first release candidate of Spring Framework 6.2. We shipped a few features since the last M7 release.
Spring Framework 6.2.0-RC1 is available from repo.spring.io/milestone now; check out the detailed changelog for this version.
Housekeeping
On top of new features, we also use minor versions as an opportunity to do some housekeeping in our codebase. For example, we harmonized Reactor client class names within the http.client package or promoted Etag as a first class concept. While those changes should be functionally equivalent, they might cause…
Spring Framework 6.1.13 Available Now
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.13 is available now.
Spring Framework 6.1.13 ships with 24 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.10 and Spring Boot 3.3.4 next week.
A Bootiful Podcast: Spring creator and cofounder, Dr. Rod Johnson
In this wide-ranging interview, I finally sit down one-on-one and talk to Dr. Rod Johnson, the creator of Spring, entrepreneur, venture capitalist, engineer, father, Kotlin fan, AI researcher, and musician, about this, that, and everything in between, fresh off our recent SpringOne presentation on Spring AI with Spring AI founder Dr. Mark Pollack. This is an extra special, extra-long episode!
Spring Tools 4.25.0 released
Dear Spring Community,
I am happy to announce the 4.25.0 release of the Spring Tools 4 for Visual Studio Code, Eclipse and Theia.
important highlights
- (Spring Boot) Code lenses added to explain SPEL expressions and AOP annotations with Copilot (VSCode only)
- (Spring Boot) Symbols, content-assist, and navigation support added for @Named, @Resource, @Inject, and @ConditionalOnResource
- (Spring Boot) Syntax highlighting and validation for CRON expressions inside @Scheduled annotation (VSCode only)
- (Spring Boot) Navigating to definition for some elements of Data Queries embedded into @Query annotations …
This Week in Spring - September 10th, 2024
Hi, Spring fans! Or, I suppose: 안녕하세요, Spring 팬 여러분! I'm writing this from a café in scintillating Seoul, Korea. It's amazing. I've been talking to developers of all stripes who are using and building upon Spring to do all sorts of cool stuff.
And tomorrow, it's off to jolly Japan. I'll be speaking, among other places, at the Japanese Spring User Group in Tokyo. I'd love to see you there!
We've got a lot to cover so let's dive right into it!
- Spring Framework contributor Sébastien Deleuze has a nice sample application demonstrating Kotlin/WASM, leveraging Kotlin serialization on both JVM and in WASM, and using Spring Boot 3.3 and Kotlin 2.0.
- Speaking of Sébastien, I interviewed him, and we talked about all things Spring, AppCDS, GraalVM, Project Leyden, Kotlin, and more.
- I also interviewed Spring founder Rod Johnson yesterday, and we talked about all things Spring, AI, venture capital, and more.
- There’s an interesting discussion on a ticket in Spring Framework around proxies with CGLIB when @Aspect is used.
- Micrometer 1.13.4 is out!…
A Bootiful Podcast: Sébastien Deleuze on Spring Framework and Kotlin, GraalVM, Project Leyden, AppCDS, runtime efficiency, Kotlin, and more
Dive deep into the world of Spring Framework and Kotlin, GraalVM, Project Leyden, AppCDS, runtime efficiency, Kotlin, and more, with the one and only Sébastien Deleuze! From runtime efficiency to all things Kotlin, this episode is packed with expert insights and valuable information. Don't miss out on this enlightening conversation with a true Spring guru! Tune in now! #Java #SpringFramework #Kotlin #TechTalks #SpringBoot
This Week in Spring - September 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not lol. It's confusing. I feel like I am still "on," like there's work to be done for SpringOne. But I think I also appreciate that it's in the rear view window and it's time to focus on what's ahead: Asia! This Friday, I head to Korea, then Japan, then India, and then (not yet confirmed) China. Pay…