UPDATES

• [05-17] Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction.

CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher

Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22978 : Authorization Bypass in RegexRequestMatcher. Please update as soon as possible.

Spring Security 5.7.0, 5.6.4, 5.5.7 were released to fix CVE-2022-22976: BCrypt skips salt rounds for work factor of 31. Please update as soon as possible.

Hi, Spring fans! In this episode, Josh Long (@starbuxman) talks to fellow Java Champion, EasyMock engineer, and Java luminary, JUG leader, and legend Henri Tremblay (@henri_tremblay)

Hi, Spring fans! I'm writing this from - I can't believe I get to say this - abroad! I'm in London, UK! Now, this is not particularly noteworthy for those millions who already live here. But I don't live here. I'm a visitor! I live in San Francisco. I had to fly here! On a plane! With other people! ACROSS THE OCEAN. This is my first international flight since March of 2020, and I couldn't be more excited to be here for Devoxx UK and also just to catch up with old friends I haven't seen in nearly three years. If you know me, and how I used to travel, you'll appreciate how odd it is for me to be…

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to fellow Java Champion and Java ecosystem luminary Chandra Guntur (@cguntur) about Java, Spring, and the Spring Katas, among other things.

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin'?

I'm excited! This week I'm speaking at the ArabJUG, and I'll be speaking at Microsoft's huuuge JDConf event. Both of these are virtual. Then, next Monday, I'm on a plane bound for London, UK, where I'll be speaking at Devoxx UK 2022. Then, not even two weeks later, I'll be speaking at Spring IO, in Barcelona, Spain! Then a week later, I'll be speaking at JNation, in Lisbon, Portugal. To say that I am excited would be an understatement, my friends.

And all of that ignores the great stuff since last week…

Sometimes, no matter how many features you try to apply, it seems impossible to get Spring Data JPA to apply every thing you’d like to a query before it is sent to the EntityManager.

With 3.0.0-SNAPSHOT (and targeted for the next milestone release train of Spring Data), you now have the ability to get your hands on the query, right before it’s sent to the EntityManager and "rewrite" it. That is, you can make any alterations at the last moment.

Check it out below:

Example 1. Declare a QueryRewriter using @Query

public interface MyRepository extends JpaRepository<User, Long> {

    @Query(value…

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Azul Deputy CTO and Java's own mad scientist and luminary Simon Ritter (@speakjava)

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldn't go because - out of an abundance of caution, and since I was exposed to COVID19 in Atlanta, GA - it was thought to be safer to keep some folks home and virtual. Sigh. This policy makes perfect sense and it's what I wanted. But it's still a smidge disappointing to not be there. I miss y'all! It was fun at least doing a remote presentation.

Anyway, without further ado, let's…