UPDATE 2018-04-09: see follow-up announcement for 4.3.x branch.

Spring Framework 5.0.5 and 4.3.15 (superseded by 4.3.16 with CVE-2018-1275), released earlier this week, include fixes for the following vulnerabilities:

• CVE-2018-1270 --> CVE-2018-1275
• CVE-2018-1271
• CVE-2018-1272

Spring Boot 2.0.1 and 1.5.11 (superseded by 1.5.12 with CVE-2018-1275), that match the above Spring Framework versions, were released today, and are now also available for use.

Please, review the information in the CVE reports and upgrade immediately.

Speaker: Josh Long

Hi Spring fans! In this installment (the first of 2018!) of Spring Tips we look at stream processing in Spring Boot applications with Apache Kafka, Apache Kafka Streams and the Spring Cloud Stream Kafka Streams binder.

Hi Spring fans! What a week! This week I'm in beautiful Dallas, TX, for the Spring One Tour Dallas event which is, like so many of the other cities already, utterly and completely sold out! What a crowd!

Wow #SpringOneTour Dallas, you’re so #bootiful ! pic.twitter.com/SySCBw4UNX

— Josh Long (龙之春, जोश) (@starbuxman) April 3, 2018

And, so, without further ado, let's get to it!

• Spring Framework Juergen Hoeller has just announced Spring Framework 5.0.5 and 4.3.15 are now available.
• Check out the PR supporting Pact v3 in Spring Cloud Contract.next. Now would be a good time to try it out and feedback!
• PCF 2.1 and the Quest for a One Pizza Ops Team
• Check out this shiny new Kotlin DSL for Spring Data Cassandra!
• Spring Boot lead Phil Webb has published a nice look at property binding in Spring Boot 2.0
• Spring Batch 1.0.0. was released ten years and a week ago, on March 28th, 2018. Happy tenth anniversary, Spring Batch!
• Roy Clarkson has just announced that the Spring Cloud Open Service Broker 2.0.0.M2…

Since the first release of Spring Boot, it has been possible to bind properties to classes by using the @ConfigurationProperties annotation. It has also been possible to specify property names in different forms. For example, person.first-name, person.firstName and PERSON_FIRSTNAME can all be used interchangeably. We call this feature “relaxed binding”.

Unfortunately, in Spring Boot 1.x, “relaxed binding” turned out to be a little bit too relaxed. It was quite hard to define exactly what the binding rules were and when specific formats could be used. We also started to get reports of issues that were very hard to fix with our 1.x implementation. For example, in Spring Boot 1.x it is not possible to bind items to a java.util.Set…

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I'm hanging out in sunny San Francisco talking to local customers and working on more installments of the next season of Spring Tips.

As usual, we've got a lot to cover so let's get to it!

• Check this Pivotal showcase on object detection with Spring Cloud Stream.
• Spring Security SAML DSL lead Filip Hanik has just announced the 1.0.5.RELEASE of our SAML DSL project. This release works against Spring Security SAML 1.0.4.RELEASE. This release adds a simple Java configuration option to your existing Spring Boot applications.
• Ryan Baxter has just announced Spring Cloud Finchley.M9. This new release includes some nice features in Spring Cloud Gateway including support for rolling deployments and route refresh from service discovery heartbeats.
• Spring Tool Suite lead Martin Lippert has …

Hi Spring fans, and welcome to the first day of the Spring season! This week I'm in San Francisco visiting some customers and just hanging out, working on new Spring Tips installments, enjoying the amazing weather. As if today wasn't exciting enough, Java 10 also shipped today! I know that all seems like enough already, but read on as we have a lot of good stuff this week!

• We want your feedback on this Spring Cloud Contract proposal to support fetching stubs over different protocols
• Spring Cloud Data Flow ninja Gunnar Hillert has just announced Spring Cloud Data Flow 1.4.0. The new release includes improved dashboards, versioned streams, a new stream deployment builder, support for Docker compose, security improvements, proxy server support for the shell, LDAP Role Mapping support and improved documentation, among other things. This is a massive release with a lot of good stuff, so don't miss it!
• Spring Security and OAuth-ninja Joe Grandja has just released Spring Security OAuth 2.3.0 which now supports Elliptic Curve signature verification in JwkTokenStore…

Table of Contents

• What is it?
• What do I get out of the box?
• Which monitoring systems does Micrometer support?
• The distinction between metrics and tracing
• The importance of dimensionality
• Meter filters
• Why the /actuator/metrics endpoint changed in Spring Boot 2
• Get involved

What is it?

Micrometer is a dimensional-first metrics collection facade whose aim is to allow you to time, count, and gauge your code with a vendor neutral API. Through classpath and configuration, you may select one or several monitoring systems to export your metrics data to. Think of it like SLF4J, but for metrics!

Micrometer is the metrics collection facility included in Spring Boot 2’s Actuator. It has also been backported…

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I'm in blizzard-besieged Boston, Massachusetts, for the epic Spring One Tour Boston event. Unfortunately, due to this crazy snow storm / blizzard, the event's been postponed one day as we all grapple with the weather. Hope you were able to join the Spring Boot 2.0 launch webinar! If not the replay will be available here and don't forget to check out the launch blog!

Snow or no snow! The show must go on, at least here on the Spring blog, so without further ado:

• The Reactor team is looking for a motivated new engineer to join the team - apply now!
• Spring Cloud Data Flow ninja Gunnar Hillert has just announced Spring Cloud Data Flow 1.4 RC1
• Spring IO Platform Cairo-RC1 lead Andy Wilkinson has just announced the latest updates, including Spring Boot 2.0. Check it out and make sure works as you expect it to.
• I love this post by Spring team legend Stéphane Nicoll on upgrading the Spring Initializr (http://start.spring.io) to Spring Boot 2.0.
• The Spring Data JDBC project has added @Modify for marking queries that perform DML or DDL. Modifying queries will return type boolean or Boolean…

Spring Boot 2 was released recently and the production instance of Spring Initializr (start.spring.io) was upgraded to Spring Boot 2 the same day.

In this post, I'd like to walk you through the process of upgrading a Spring Boot 1.x app to Spring Boot 2.

Release notes and migration guide

A good first step is to get yourself familiar with the main changes in Spring Boot 2 by reading the migration guide and the release notes.

Build upgrade

If you are using Maven and the spring-boot-starter-parent, you need to be aware that several plugins are going to be updated as part of the upgrade. If you're not using the parent, it is worthwhile to inspect your build and upgrade the plugins that you are using. Spring Initializr is built with Maven so the easiest way is to scan spring-boot-dependencies…