close

Spring Boot 2.1.13 released

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.1.13 has been released and is now available from repo.spring.io and Maven Central.

This release includes 34 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Reactor Netty 0.8.16. It contains a fix for CVE-2020-5404.

How can you help?

Read more

CVE Reports Published for Reactor Netty

The following CVE reports were published today:

  • CVE-2020-5403 affecting Reactor Netty HttpServer 0.9.3 and 0.9.4.
  • CVE-2020-5404 affecting Reactor Netty HttpClient for all 0.8.x and 0.9.x versions in applications where the automatic following of redirects is explicitly enabled.

The fixes are in Reactor Netty 0.9.5 and 0.8.16. If using the reactor-bom, you can upgrade to Dysprosium-SR5 or Californium-SR16.

Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot application, you can upgrade to Spring Boot 2.2.5 or 2.1.13.

Read more

Spring Data Moore SR5 and Lovelace SR16 released

On behalf of the community, I’d like to announce the availability of the Spring Data Moore SR5 and Lovelace SR16 service releases.

Moore SR5 ships with 61 tickets fixed, and Lovelace SR16 ships with 43 tickets fixed. Both releases contain mostly bug fixes and dependency upgrades. Moore SR5 is built on top of the just-released Spring Framework 5.2.4 and will be picked up by Spring Boot 2.2.5 for your convenience. Similarly, Lovelace SR16 uses Spring Framework 5.1.14 and will be included by Spring Boot 2.1.13 in the next days.

Read more

Spring Tips: Apache RocketMQ

Hi, Spring fans! In this installment of Spring Tips, we’re going to look at Alibaba’s Apache RocketMQ. We’ve talked some about Alibaba in Spring Tips before. Check out the earlier Spring Tips installment in which we explore some of Spring Cloud Alibaba.

Running Apache RocketMQ

In order to use Apache RocketMQ, you’ll need to follow the steps in the RocketMQ quickstart. This Spring Tips installment introduces Apache RocketMQ, originally a technology developed and used internally at Alibaba and proven in the forge of 11/11, the famous Chinese sales holiday, sort of like “Cyber Monday,” or “Black Friday,” in the US. Sort of like that, but waaaaaay bigger. In 2019, Alibaba (alone, with no other e-commerce engines involved), made almost $40 billion USD in 24 hours. This required that trillions of messages be sent through something that could scale to meet the demand. RocketMQ is the only thing they could trust.

Read more

This Week in Spring - February 25th, 2020

Hi, Spring fans! This week I am in delicious Philadelphia enjoying the amazing food (scrapple! TastyKakes!) and hanging out with amazing customers using VMWare and Spring to great effect. It’s been a busy week since we last talked: I released a new Spring Tips installment, wrote a bunch of blogs, recorded a new podcast, and published a new podcast installment. We’ve got a lot to get to today so let’s get to it!

Read more

Spring Framework 5.2.4 and 5.1.14 available now

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.2.4 and 5.1.14 are available now.

The fourth maintenance release of the 5.2 line includes over 60 fixes and improvements. Spring Framework 5.1.14 includes 14 selected fixes and improvements.

As usual, we’ll follow up shortly with corresponding Spring Boot releases (2.2.5 and 2.1.13).

Project Page | GitHub | Issues | Documentation

Read more

Netflix Built a Spring Application Generator to Boost Dev Productivity. Here's How You Can, Too.

If you watch Taylor Wicksell of Netflix’s SpringOne Platform keynote you can’t help but be blown away by the sheer productivity of their engineering team. Last year, over 300 Spring-based apps went into production – an incredible achievement.

Taylor Wicksell of Netflix’s SpringOne Platform Keynote

What Can Your Enterprise Learn From Netflix?

At Netflix, Taylor and his Java Platform team own the Java developer experience (DevEx). Taylor’s team has one mission: to help Netflix’s engineers stay productive – delivering great code at great velocity. It’s a mission that is clearly proving successful.

Read more

Spring Boot for Apache Geode & Pivotal GemFire 1.3.0.M2 Available

On behalf of the Spring, Apache Geode & Pivotal GemFire communities, it is my pleasure to announce the release of Spring Boot for Apache Geode & Pivotal GemFire (SBDG) 1.3.0.M2.

The 1.3.0.M2 release aligns with:

  • Spring Framework 5.2.3.RELEASE

  • Spring Boot 2.3.0.M2

  • Spring Data for Apache Geode & Pivotal GemFire (SDG) 2.3.0.M3

  • Spring Data Neumann-M3

  • Spring Session for Apache Geode & Pivotal GemFire (SSDG) 2.3.0.M2

  • Spring Session Dragonfruit-M2

  • Spring Test for Apache Geode & Pivotal GemFire (STDG) 0.0.13.RELEASE

Read more

Spring Session for Apache Geode & Pivotal GemFire 2.3.0.M2 Available

On behalf of the Spring, Apache Geode and Pivotal GemFire communities, it is my pleasure to announce the release of Spring Session for Apache Geode & Pivotal GemFire (SSDG) 2.3.0.M2.

The 2.3.0.M2 release aligns with:

  • Spring Framework 5.2.3.RELEASE

  • Spring Data Neumann-M3

  • Spring Session Dragonfruit-M2

  • Spring Session core 2.3.0.M1

See the changelog for additional details.

The release is available in the Spring Milestone Repository.

Feedback

As always, any feedback is greatly appreciated and welcomed.

Read more

A Bootiful Podcast: Building China-scale Infrastructure at Alibaba with Spring Cloud, Rsocket, and more

Hi, Spring fans! In this installment Josh Long (@starbuxman) talks to friends - Mercy Ma (马昕曦), Andy Shi (施孜海), and Jim Fang (方剑) - from Alibaba. These engineers work on Spring Cloud Alibaba, some of the open source infrastructure coming out of Alibaba designed to support Spring applications running at Alibaba, and more.

Read more