close

Spring Boot 2.2.7 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.2.7 has been released and is now available from repo.spring.io and Maven Central.

This release includes 80 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Spring Security 5.2.4.RELEASE. It contains fixes for CVE-2020-5407 and CVE-2020-5408, see also the official announcement.

Read more

Spring Boot 2.1.14 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.1.14 has been released and is now available from repo.spring.io and Maven Central.

This release includes 61 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Spring Security 5.1.10.RELEASE. It contains fixes for CVE-2020-5407 and CVE-2020-5408, see also the official announcement.

Read more

Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16, 4.2.16 Released

UPDATE 2020-05-13: The following versions of Spring Security address CVE-2020-5407 and CVE-2020-5408

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.2 (release notes), 5.2.4 (release notes), 5.1.10 (release notes) , 5.0.16 (release notes), 4.2.16 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Read more

End-of-Life for Spring Security OAuth

In January 2018, we announced that the Spring Security OAuth (legacy) project is officially in maintenance mode. Later in November of 2019, we provided an update in the Spring Security OAuth 2.0 Roadmap, stating that the 2.3.x line will reach end-of-life in March 2020.

The currently supported version branches are 2.4.x and 2.5.x, with the 2.5.0 release scheduled for May 2020, which will be the final minor release.

To that end, the plan is to provide patch and security fixes for the 2.4.x and 2.5.x line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project.

Read more

Spring Tips: Season 7 Recap

Hi, Spring fans! Welcome to the recap installment for the seventh season of Spring Tips! I can’t believe we’re already on season seven! In October of 2020, it’ll be 4 straight years of doing these videos. Hopefully, they’re helping.

Every season consists of 11 episodes and one recap blog post. Sometimes, I’ll do an occasional extra episode or I’ll do an episode during the interregnum between seasons as the situations sometimes demand. But, for now, I’m done for a little while - not as long as last time, for sure! But a little while. I need time to gather my resources, prepare new content, finish the Reactive Spring book, and produce those new episodes.

Read more

This Week in Spring - May 5th, 2020

Hi, Spring fans! Welcome to another installment fo This Week in Spring! How’re you all holding up? Me? I’m doing well, thanks. We’ve got a ton of stuff to get to so let’s!

Read more

Spring Cloud Function Native Images

Here’s the latest graph of memory versus billing for Spring Cloud Function on AWS Lambda. It shows the billing metric GBsec as a function of memory allocation in Lambda for two custom runtimes, one in plain Java and one using a GraalVM native image, as described recently in this blog by Andy Clement:

aws-billing-3.x

In both cases the functionality is identical (a simple POJO-POJO function), and they both show only the results for cold start. Warm starts, where the function was already active when the request came in, were much faster and cheaper (except for the smallest memory setting they all cost the same because there is a minimum charge for all functions in AWS). You can see that the native images start up very fast and that they are more than two times cheaper to run than the regular JVM. The fastest startup was in the 1000MB container - it only took 19ms to start the app, but it took AWS 700ms to prepare the container, so it was billed at 800ms. In fact, all of the cold starts were billed at 800ms for the native image. For the regular JVM the fastest startup was also in the 1000MB container at 300ms, but it was billed at 2200ms.

Read more

Spring Boot 2.3.0.RC1 available now

On behalf of the team and everyone that contributed, I am pleased to announce that the first release candidate of Spring Boot 2.3 is available now from our milestone repository.

This release closes over 70 issues and pull requests. Thanks to all those who have contributed.

Highlights of this milestone include:

  • Auto-configuration of a Wavefront sender bean.
  • Easier configuration of the data/time converts used by web applications.
  • Automatic creation of the developmentOnly configuration in Gradle.
  • Java buildpack support from the newly created Paketo project.
Read more