The Spring Blog

Engineering
Releases
News and Events

Spring Tool Suite 3.9.9 released

Dear Spring Community,

I am happy to announce the 3.9.9 maintenance release of the Spring Tool Suite 3 (STS3).

Highlights from this release include:

  • updated to Eclipse 2019-06 release
  • mimics the https-preferring XSD schema lookup of the core Spring framework
  • allows users to use https for Spring schema locations as default
  • various bug fixes

To download the distributions, please go visit:

Read more...

CVE-2019-11272: Spring Security 4.2.13 Released

Users are encouraged to update immediately.

With Spring Boot, you can override the Spring Security version in Maven like so:

<properties>
    <spring-security.version>4.2.13.RELEASE</spring-security.version>
</properties>

Or in Gradle like so:

ext['spring-security.version'] = '4.2.13.RELEASE'

Note that users of Spring Security 5+ are not affected by this vulnerability.

Read more...

Java CFEnv 1.1 GA Released

On behalf of the Java CFEnv community I am happy to announce the release of Java CFEnv 1.1 GA.

This release add support for the following services:

  • Volume Services

  • Pivotal Single Sign-On Service

  • Pivotal Redis Service

It also adds the following functionality:

  • Checks the classpath to correctly determine setting of MySQL or MariaDB driver class name.

  • When using the Spring Boot support, an exception is thrown if the Spring Cloud Connector library is on the classpath. This applies only for the following services: DataSource, RabbitMQ, Cassandra, MongoDB, and Redis. The exception message indicates to set the environment variable JBP_CONFIG_SPRING_AUTO_RECONFIGURATION '{enabled: false}'

  • Support for Boot 1.5.x by copying a logging utility class into the project.

Read more...

Spring Boot 2.2.0.M4

On behalf of the team and everyone that contributed, I am pleased to announce that the fourth milestone of Spring Boot 2.2 has been released and is available from our milestone repository. This release closes over 170 issues and pull requests.

For a complete list of changes and upgrade instructions, please see the Spring Boot 2.2 Release Notes on the wiki and the updated reference documentation.

If you want to get started with 2.2 and try out the new features, you can bootstrap a new project on https://start.spring.io.

Read more...

Spring Boot 2.1.6 released

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Boot 2.1.6 has been released and is now available from repo.spring.io and Maven Central.

This is a maintenance release that includes a number bug fixes, dependency updates and documentation improvements.

Remember that Spring Boot 1.5 will be end of life in august, so all users should now be upgrading to Spring Boot 2.1.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more...

This Week in Spring - June 18, 2019

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I’m in delightful Des Moines, Iowa; and then it’s off to the twin cities of DescriptionMinneapolis–Saint Paul for the epic SpringOne Tour event there.

We’ve got tons to look at this week so let’s get to it!

Read more...

Spring Session Corn-M2 and Spring Session Bean-SR6 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the releases of Spring Session Corn-M2 and Bean-SR6. These releases will be picked up by Spring Boot 2.2.0.M4 and 2.1.6.RELEASE, respectively.

Spring Session Corn-M2

The Corn-M2 release is based on:

  • Spring Session core modules 2.2.0.M2

  • Spring Session Data Geode 2.2.0.M2

  • Spring Session Data MongoDB 2.2.0.M3

Some of the highlights of Spring Session 2.2.0.M2 are:

  • simple Redis-based implementation of SessionRepository

  • reworked @Configuration classes are now compatible with proxyBeanMethods=false

  • migration of project’s tests to JUnit 5

  • simplified project structure

Complete details of these releases can be found in the changelog.

SimpleRedisOperationsSessionRepository

The biggest highlight of the release is the new, simple, Redis-based implementation of SessionRepository that’s offered as an alternative to the well known RedisOperationsSessionRepository.

The original RedisOperationsSessionRepository, on top of core SessionRepository functionality, provides support for session events (that are translated to HttpSessionEvent instances) and also implements FindByIndexNameSessionRepository (that allows retrieval of sessions for a given principal). The support for these two features comes at a cost, as there’s some complexity around how the sessions need to be persisted in Redis.

For many applications, support for session events and principal index isn’t essential and this was the main motivation for providing an alternative in SimpleRedisOperationsSessionRepository. The new SessionRepository does not yet have a first-class support in Spring Session’s configuration infrastructure, so it can be configured as follows:

@EnableSpringHttpSession
public class RedisSessionConfiguration {

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    @Bean
    public RedisOperations<String, Object> sessionRedisOperations() {
        RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
        redisTemplate.setConnectionFactory(this.redisConnectionFactory);
        redisTemplate.setKeySerializer(new StringRedisSerializer());
        redisTemplate.setHashKeySerializer(new StringRedisSerializer());
        return redisTemplate;
    }

    @Bean
    public SimpleRedisOperationsSessionRepository sessionRepository(
            RedisOperations<String, Object> sessionRedisOperations) {
        return new SimpleRedisOperationsSessionRepository(sessionRedisOperations);
    }

}

Consider giving Corn-M2 release and SimpleRedisOperationsSessionRepository a spin, and let us know of your feedback!

Read more...

Spring Cloud Open Service Broker 3.0.2 Released

We are pleased to announce the 3.0.2 release of Spring Cloud Open Service Broker. This is a maintenance release that includes the following updates:

  • Return correct HTTP status when the X-Broker-API-Version header doesn’t exist
  • Return correct HTTP status when missing certain required fields and query parameters
  • Fix support for service instance binding getLastOperation
  • Return correct HTTP status when attempting to retrieve non-existant service instance or service instance binding

Include the following Spring Boot starter:

Read more...