Hi Spring fans! This week I’m excited to welcome Sreee Tummidi, a senior product manager working at the intersection of application security and platform at Pivotal. We talked about security, Spring Security, cloud platforms, OAuth, OIDC and OIDC Connect, SAML, and of course the Cloud Foundry UAA, and tons more.
Twitter: @sreetummidi
UAA
We have released Spring Security OAuth 2.3.5, 2.2.4, 2.1.4 and 2.0.17 to address CVE-2019-3778: Open Redirector in spring-security-oauth2. Please review the information in the CVE report and upgrade immediately.
For additional changes included in each release, please refer to:
NOTE: For users of Spring Boot 1.5.x and Spring IO Platform Cairo, it is highly recommended to override the spring-security-oauth version to the latest version containing the fix for the CVE. Please see the Mitigation section in the CVE report for detailed instructions on how to override the version.
The quickest way to generate Spring Boot projects is through start.spring.io. The site provides a curated list of dependencies that you can add to your application based on the selected Spring Boot version. You can also choose the language, build system and JVM version for the project. Over the years, the popularity of start.spring.io as the tool for generating Spring projects has grown exponentially and millions of projects are generated every year using the site.
For the past few months, we’ve been working on a complete overhaul of the project generation API. To better understand the motivation behind this, take a look at the project structure below:
Hi Spring fans! Can you believe it? We’re at the end of yet another season - our fifth! - of Spring Tips! I wasn’t sure at first (when we started down this journey a few years ago) that these videos would take off or become popular but it seems the Spring community’s curiosity knows no bounds!
I try in every season to look at new technology (RSocket and R2DBC, eh, spring to mind..), and to introduce variations on themes (we looked at three projects that extend Spring Cloud to native IaaS-platforms this season!), and to introduce potentially niche but often appreciated topics (this season we looked at BPMN 2 workflow management with Flowable and we looked JavaFX, for example). I also try whenever possible to introduce concepts in terms of Spring (where normally I introduce Spring in terms of the concepts they support). This season was, from that perspective, a success.
Hi Spring fans! Welcome to another installment of This Week in Spring! In the US, Monday was a public holiday so today, Tuesday, feels a bit like Monday and i was happily going through the Monday motions and then I got a reminder that I had to write this week’s installment! Ooops! Thank goodness for technology.
I’m at San Francisco International Airport about to board a fight for the Washington DC edition of the SpringOne Tour. Are you going to be in Washington DC? Reach out and say hi! My direct messages on Twitter are correct, too
The Spring Cloud Connectors library has been with us since the launch event of Cloud Foundry itself back in 2011. One of the main goals of the connector library and Cloud Foundry’s Java buildpack was to “reduce the initial investment when you want to get started with Cloud Foundry”. The connector library creates the Spring bean definitions required to connect to backing services, like databases, using information contained in the VCAP_SERVICES environment variable. The buildpack then replaces these bean definitions you had in your application with those created by the connector library through a feature called ‘auto-reconfiguration’. You may have seen it mentioned in the logs when you pushed an app to Cloud Foundry…
On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.1.3 has been released and is is now available from repo.spring.io and Maven Central.
This release includes over 70 fixes, improvements and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.
If you are still using Spring Boot 2.0.x, an upgrade to Spring Boot 2.1.x is strongly encouraged. Following the announcement that Spring Framework 5.0.x will reach its EOL in March, Spring Boot 2.0.x will follow suit with a final release in the 2.0.x line planned for late March. As previously announced, Spring Boot 1.5.x will continue to be maintained until it reaches its EOL in August.
It was a lot of fun to talk to Greg Turnquist, one of the more industrious and variously applied members of the Spring family, about how he found his way to the Spring team and community, Python, his new book, Spring team legends like Keith Donald and Brian Dussault, and so much more.
On behalf of the community I am pleased to announce the release of Spring Security 5.1.4 (changelog). This release provides a round of bug fixes and users are encouraged to update to the latest patch release.
On behalf of the Spring Data team, I’d like to announce the availability of the Lovelace SR5 maintenance release. This release ships on top of the just-released Spring Framework 5.1.5. Spring Boot 2.1.3 is going to pick up Lovelace SR5, for your convenience.
The service releases ship with mostly bug fixes and a few dependency upgrades addressing about 40 tickets.
Last but not least, here’s the laundry list:
