Spring Integration 4.3.11 is Available

Releases | Artem Bilan | July 20, 2017 | ...

On behalf of the Spring Integration team, I am pleased to announce that the 4.3.11.RELEASE of Spring Integration is now available.

This release contains a few important bug fixes as well as a couple of improvements. In particular it contains a fix for the Jackson Serialization Gadgets vulnerability. Hence introduced in the version 4.3.10 custom ObjectMapper utility doesn’t allow now to deserialize objects in the untrusted packages. The set of trusted packages can be configured or you can use * to trust all. See JacksonJsonUtils.messagingAwareMapper() for more information.

Another useful fix is for (S)FTP Inbound Channel Adapters (and other remote file protocols, e.g. AWS S3) to rollback filtering for updated remote file when we can’t transfer it to the local copy.

This version is the default version with the Spring Boot 1.5.5 release.

Project Page | JIRA | Contributions | Help | Chat

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all