The Spring Blog

News and Events

CVE-2019-11269: Spring Security OAuth 2.3.6, 2.2.5, 2.1.5, 2.0.18 Released

We have released Spring Security OAuth 2.3.6, 2.2.5, 2.1.5 and 2.0.18 to address CVE-2019-11269: Open Redirector in spring-security-oauth2. Please review the information in the CVE report and upgrade immediately.

For additional changes included in each release, please refer to:

NOTE: For users of Spring Boot 1.5.x and Spring IO Platform Cairo, it is highly recommended to override the spring-security-oauth version to the latest version containing the fix for the CVE. Please see the Mitigation section in the CVE report for detailed instructions on how to override the version.


Webinar: Boosting Microservice Performance with Kafka, RabbitMQ, and Spring

Speaker: Mark Heckler, Pivotal

In today’s microservices-based world, many mission-critical systems have distributed elements or are entirely distributed. Ideally, these architectures should improve things such as performance, scalability, reliability, and resilience—but subpar design can limit those strengths, or worse yet, turn them into challenges that need to be overcome.

Messaging platforms help solve these problems and improve the “ilities,” but they come with a few complexities of their own. This webinar will teach you how to use open-source solutions like Spring Cloud Stream, RabbitMQ, and Apache Kafka to maximize your distributed systems’ capabilities while minimizing complexity.


Spring Cloud Edgware.SR6 Released

On behalf of the community, I am pleased to announce that the Service Release 6 (SR6) of the Spring Cloud Edgware Release Train is available today. The release can be found in Maven Central. You can check out the Edgware release notes for more information.

Edgware End Of Life Reminder

As a reminder, the Edgware release train will reach EOL status on August 1st, 2019.

Notable Changes in the Edgware Release Train

Spring Cloud Netflix

Spring Cloud Sleuth

Spring Cloud Config

Spring Cloud Commons


Spring Cloud Open Service Broker 3.0.1 Released

We are pleased to announce the 3.0.1 release of Spring Cloud Open Service Broker. This release is a maintenance release that includes the following updates:

  • Improve getting started experience
  • Update reference documentation

Include the following Spring Boot starter:


Project Page | GitHub | Reference Doc | API Doc


This Week in Spring - May 28, 2019

Hi Spring fans! What a week it’s been since we last spoke! I was in Zurich, Switzerland; then Paris, France; then Minsk, Belarus; and now I’m in Barcelona, Spain for the epic JBCN show. I’ve recorded a few episodes for the podcast (✅), gave a talk (✅) and now have a workshop to deliver on Wednesday (✅). Fun week by the beach! Don’t worry about me, I’ll pull through..

Spring en la primavera

….And I’m not going anywhere until Thursday when I’ll fly home to San Francisco, USA to see our kid graduate middle school! I’m so proud of her. What a legend.


Spring Tools 4.2.2 released

Dear Spring Community,

I am happy to announce the 4.2.2 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Atom.

Highlights from this release include:

  • (all language servers) performance: additional improvements to language server startup time
  • (Spring Boot) new: navigation for bean identifiers, bean classes, and property names for Spring XML config files
  • (Spring Boot) new: content-assist rolled out for many more Spring XML config elements and attributes
  • (Spring Boot) fixed: Detect @RequestMapping with path defined as constant instead of literal string (#281)
  • (CF Manifest) new: added support for anchors and references
  • (Eclipse) new: added project-related XSD schema resolution
  • (Eclipse) fixed: high CPU and memory spikes when code minings and live hovers are active (#292)

Spring Cloud Data Flow 2.1 GA Released

The Spring Cloud Data Flow team is pleased to announce the release of 2.1 of Data Flow.

We have a brand new website with great new content, which is where you can find our getting started guide for use on Cloud Foundry and Kubernetes and your Local Machine.

Here are the highlights:

New Dedicated Data Flow Website

The Data Flow team takes pride is openly communicating with the community in various forums including StackOverflow, Gitter, GitHub, Twitter, and at times in Email and Zoom calls even.

However, we realized that we could provide a much better experience to answer common questions and provide an easier on-ramp to using Data Flow if we focused on improving the online documentation. The reference guide was not the ideal format to achieve that goal, so we embarked on creating a new website - - that acts as the hub for learning about all things Data Flow related.