CVE reports published for Spring Security

Engineering | Eleftheria Stein-Kousathana | May 13, 2020 | ...

We have released Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16 and 4.2.16 to address the following CVE reports:

Please review the information in the CVE report and upgrade immediately.

Spring Boot users should upgrade to 2.2.7 or 2.1.14.

This Week in Spring - May 12th, 2020

Engineering | Josh Long | May 12, 2020 | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring! I hope you're all doing well, staying safe, taking socially distant walks every day to get some fresh air and exercise, and so on. I'm trying my best to stay sane. We just crossed into month three under quarantine, having gone into quarantine on 11 March 2020. It's pretty crazy to think about how slowly and quickly time has flown.

One of the things that makes me happy? Learning new things. This weekly roundup, This Week in Spring, has always been a lot of fun for me. It's become even more of a privilege in the age of quarantine, having something to learn and soak up. I know that most of us will get through this, but I've been very keen on not letting this time go to waste for me. It's exhausting to live under this quarantine. It's exhausting to be anxious about things. I completely understand the instinct to want to just stay in bed until it all blows over. It's completely normal. You're allowed to be anxious, to worry, to feel despair. I have those days, too. But, I have found it helpful to try to plan activities with my family and to focus on backburner projects. And I find walking to be helpful. My condo's gym is closed because of…

Getting Started With RSocket: Servers Calling Clients

Engineering | Ben Wilcock | May 12, 2020 | ...

Reading Time: about 7 minutes. Coding Time: about 20 minutes.

If you've been following my series on RSocket, you've heard me refer to "clients and servers" many times. But, with RSocket, the line between client and server is blurry. With RSocket, servers can send messages to clients, and clients can respond to these requests in the same way a server would.

In fact, the RSocket docs don't use the terms 'client' or 'server.' The docs use the terms 'requester' and 'responder' instead. In RSocket, any component can act as a requester, and any component can act as a responder or even both at the…

Spring Security OAuth2 Auto-config 2.3.0.RC1, 2.2.7, 2.1.14 Released

Engineering | Rob Winch | May 11, 2020 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security OAuth2 Auto-config 2.3.0.RC1 (release notes), 2.2.7.RELEASE (release notes), 2.1.14.RELEASE (release notes). The release delivers dependency updates to be compatible with the last versions of Spring Boot. Users are encouraged to update to the latest patch release.


Tanzu Observability by Wavefront Spring Boot Starter

Engineering | Stéphane Nicoll | May 07, 2020 | ...

Spring Boot has a great observability story. With the Actuator, we auto-configure Micrometer, an application metrics facade that supports numerous monitoring systems. With a few properties, you can start emitting a wide range of metrics out-of-the-box to your favorite monitoring system. And if you need to use distributed tracing, Spring Cloud Sleuth gets you covered.

Tanzu Observability for Wavefront (formerly Wavefront) delivers scalable observability as a service where Spring developers can build analytics-driven dashboards based on multi-sourced data including metrics, traces, histograms…

End-of-Life for Spring Security OAuth

Engineering | Joe Grandja | May 07, 2020 | ...

In January 2018, we announced that the Spring Security OAuth (legacy) project is officially in maintenance mode. Later in November of 2019, we provided an update in the Spring Security OAuth 2.0 Roadmap, stating that the 2.3.x line will reach end-of-life in March 2020.

The currently supported version branches are 2.4.x and 2.5.x, with the 2.5.0 release scheduled for May 2020, which will be the final minor release.

To that end, the plan is to provide patch and security fixes for the 2.4.x and 2.5.x line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project

Spring Tips: Season 7 Recap

Engineering | Josh Long | May 06, 2020 | ...

Hi, Spring fans! Welcome to the recap installment for the seventh season of Spring Tips! I can't believe we're already on season seven! In October of 2020, it'll be 4 straight years of doing these videos. Hopefully, they're helping.

Every season consists of 11 episodes and one recap blog post. Sometimes, I'll do an occasional extra episode or I'll do an episode during the interregnum between seasons as the situations sometimes demand. But, for now, I'm done for a little while - not as long as last time, for sure! But a little while. I need time to gather my resources, prepare new content, finish the Reactive Spring book, and…

This Week in Spring - May 5th, 2020

Engineering | Josh Long | May 05, 2020 | ...

Spring Cloud Function Native Images

Engineering | Dave Syer | May 04, 2020 | ...

Here's the latest graph of memory versus billing for Spring Cloud Function on AWS Lambda. It shows the billing metric GBsec as a function of memory allocation in Lambda for two custom runtimes, one in plain Java and one using a GraalVM native image, as described recently in this blog by Andy Clement:


In both cases the functionality is identical (a simple POJO-POJO function), and they both show only the results for cold start. Warm starts, where the function was already active when the request came in, were much faster and cheaper (except for the smallest memory setting they all cost the same…
