Spring Framework CVE-2024-38819 and CVE-2024-38820 published
The Spring Framework has released version 6.1.14 that contains a fix for both:
- CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report)
- CVE-2024-38820: Spring Framework DataBinder case sensitive match exception
Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last August, as announced previously. This fix has been applied to the 5.3.41 and 6.0.25 commercial releases, available now.
If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.
Upgrading…
Spring Framework 6.2.0-RC2 available now
We are happy to announce the availability of the second release candidate of Spring Framework 6.2. We have been working on fixing regressions from previous milestones and shipping performance improvements.
Spring Framework 6.2.0-RC2 is available from repo.spring.io/milestone now, check out the detailed changelog for this version.
Spring 3.4.0-RC1 will be released next week, a good opportunity for testing the upcoming Spring generation in existing applications!
6.2 features recap
Check out our What's New page for details about the new features available at this point.
Spring Framework 6.1.14 Available Now
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.14
is available now.
Spring Framework 6.1.14
ships with 25 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.11 and Spring Boot 3.3.5 next week.
A Bootiful Podcast: Oracle Developer Advocate Andres Almiray
Hi, Spring fans! In this installment I talk to Oracle developer advocate Andres Almiray about the latest-and-greatest in the amazing Oracle database. #Oracle #SQL #Java #JConf
This Week in Spring - October 15th, 2024
Hi, Spring fans! Welcome to another rip-roaring and ever-so-riveting installment of This Week in Spring! I'm in Amsterdam, at the moment, rounding out a week between Antwerp, Beglium, and Amsterdam, the Netherlands. Today I'm off to Dubai for the fantastic GITEX/DevSlam event. Then I return back to Europe for Voxxed Days Thessaloniki, in Greece. Should be a fun week!
It's certainly been a fun week! Let's dive right into it!
- Spring AI 1.0.0. M3 has been released
- In last week's installment of A Bootiful Podcast, I talk to New York Java SIG chair and founder Frank Greco about community, AI, and more
- Spring Cloud 2024.0.0.-M2 (aka Moorgate) has been released
- Spring Batch 5.2.0 M2 is available now
- Oded Shopen, friend of Spring, has updated the distributed microservices implementation of Petclinic to feature a Spring Ai assistant
- Spring Framework committer Sebastien Deleuze was part of this Devoxx Belgium talk looking at Project Leyden, along with Per Minborg, and it's quite amazing what's possible
- Have you checked out …
Spring Batch 5.2.0-M2 is available now!
I am pleased to announce that the second milestone of Spring Batch 5.2 is now available from our milestones repository. This blog post walks you through the main changes in Spring Batch 5.2:
- MongoDB job repository support
- New resourceless job repository
- Composite item reader implementation
- New adapters for java.util.function APIs
- Concurrent steps with blocking queue item reader and writer
For the complete list of changes, please check the release notes.
MongoDB job repository support
This release introduces the first NoSQL job repository implementation which is backed by MongoDB. Similar to…
A Bootiful Podcast: New York Java SIG chair and founder Frank Greco on community, AI, and more
Hi, Spring fans! In this installment, I talk to New York Java SIG chair and founder Frank Greco about AI, safety, Java, community, and more!
Spring Cloud 2024.0.0-M2 (aka Moorgate) Has Been Released
On behalf of the community, I am pleased to announce that the Milestone 2 (M2) of the Spring Cloud 2024.0.0 Release Train is available today. The release can be found in Spring Milestone repository. You can check out the 2024.0.0 release notes for more information.
Notable Changes in the 2024.0.0-M2 Release Train
This release of Spring Cloud is based on Spring Boot 3.4.0-M3.
The GitHub project for this release can be found here.
Spring Cloud OpenFeign
- Support
ignorecase
withPageable
(#1047)
Spring Cloud Commons
- Create a TrustStore without requiring a KeyStore (#1394)
Spring Cloud Config
Spring AI 1.0.0 M3 Released
We are happy to announce the 1.0.0 Milestone 3 release of Spring AI.
This release brings significant enhancements and new features across various areas.
Observability
This release introduces many refinements to the observability stack, particularly for streaming responses from Chat Models. Many thanks to Thomas Vitale and Dariusz Jedrzejczyk for all their help in this area!
Observability covers the ChatClient, ChatModel, Embedding Models and Vector stores enabling you to view all touchpoints with your AI infrstructure in fine grained detail..
In the M2 release we introduced observability…