The Spring Blog


This Week in Spring - June 18, 2019

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I’m in delightful Des Moines, Iowa; and then it’s off to the twin cities of Minneapolis–Saint Paul for the epic SpringOne Tour event there.

We’ve got tons to look at this week so let’s get to it!


Getting Started with Spring Cloud Gateway

Microservice architectures are great, but as your application programming interfaces (APIs) start to grow, so do the challenges related to their maintenance.

For example, as an existing API matures and adds new features, it will need to take its clients along with it on the journey. When the details of an API change, clients need to adjust in order to work with these changes. This process takes time and can really slow your API’s evolution and interfere with your ability to iterate quickly.

Offering multiple APIs brings with it its own set of challenges. How do you route requests and responses to the correct API? How do you manage any message disparity? How do you support clients when your endpoints can move around?


This Week in Spring - June 11th, 2019

Hi Spring fans! Can you believe it? We’re already almost halfway through June! Summer’s nearly here! It’s 97 Fahrenheit / 37 Celsius in San Francisco! That’s nuts! I’m glad I’m in beautiful Amsterdam and Eindhoven, NL, beating the heat, though. What a privilege. We’ve got a busy week, as always, to get to so let’s get to it!


Announcing nohttp

I’m pleased to announce the nohttp project, which lets users find, replace, and prevent the usage of http://.

Background

Today, Jonathan Leitschuh published a blog titled “Want to take over the Java ecosystem? All you need is a MITM!” The blog demonstrates that hundreds of Java libraries are downloading dependencies over HTTP. This opens the projects up to potential MITM (man in the middle) attacks.

Unfortunately, there were multiple Spring projects that were using HTTP to download dependencies. Fortunately, we uncovered no signs of a successful MITM attack. We have also addressed the issue to ensure that no MITM attacks can be made in the future.
