Hi, Spring fans! How are you? Welcome to another installment of This Week in Spring! I'm doing alright! It's noon as I write this, and I've got GSUG joint presentation with Matt Raible later today. Then, tonight at midnight my time to 5 am or 6 am, I'm kicking off a two-day workshop for GOTO! I look forward to seeing ya there! Anyway, we've got a lot to cover so let's dive into it!

• Read this first! If you've been living under a rock, you may not have heard of the recent Log4J2 vulnerability. If you're using the default, out-of-the-box Spring Boot logging support, then this does not apply to you! But, if you are using Log4j2, specifically, then you need to read this post on Log4j2 and Spring Boot!
• Bruno Borges tweets this very simple workaround for those of you who are using Log4j2 and can't change the startup scripts of your application afflicted by the Log4j2 exploit
• Once you're sure your applications are healthy and happy, check out the new Spring Native 0.11 release! And its new AOT engine, which brings Spring Native to the Next Level…

Updates: Since this blog post has been published, a new logback 1.2.9 version has been published. While this fixes a security issue, prerequisites for exploits are very different as they "requires write access to logback's configuration file". Log4J also released a new 2.17.0 version with fixes for CVE-2021-45046 and CVE-2021-45105. Spring Boot 2.5.8 and 2.6.2 haven been released and provide dependency management for logback 1.2.9 and Log4J 2.17.0. Log4J 2.17.1 contains a fix for CVE-2021-44832

As you may have seen in the news, a new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code. The vulnerability has been reported with CVE-2021-44228 against the log4j-core jar and has been fixed in Log4J v2.15.0…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Native 0.11, which provides native support for Spring Boot 2.6. This ambitious release is the result of five months of hard work by the Spring team, who have been working on a brand new architecture to bring Spring support for creating native executables with GraalVM to the next level. You can already try it on start.spring.io!

Learn more about Spring Native 0.11 and see it in action in this new Spring Tips video from Spring Developer Advocate Josh Long.

New Ahead-Of-Time Engine

The…

Hi, Spring fans! This week, Josh Long (@starbuxman) talks to transformational leader, my old boss, legendary technologist, and friend Patrick Chanezon (@chanezon).

Starting from version 3.1.0 as part of the Spring Cloud 2021.0.0 (aka Jubilee) release train, Spring Cloud Gateway included support for gRPC and HTTP/2.

We will introduce the basic concepts behind gRPC and how to configure it with two examples:

• One that showcases how Spring Cloud Gateway can transparently re-route gRPC traffic without needing to know the proto definition and without having to modify our existing gRPC servers.

• Another that showcases how we can create a custom filter in Spring Cloud Gateway to transform a JSON payload to a gRPC message.

Introduction to gRPC and HTTP/2

HTTP…

Secure communications end-to-end for Spring Boot apps - in a Zero Trust environment

Hi, Spring fans! Today, we are excited to announce the general availability of all the features to secure communications end-to-end for Spring Boot apps – in a Zero Trust environment. You can secure communications end-to-end or terminate transport level security at any communication point for Spring Boot apps. You can also automate the provisioning and configuration for all the Azure resources needed for securing communications.

Implementing secure communications as part of your solution architecture can be…

With the release of the Spring Cloud 2021.0.0 (aka Jubilee) release train we're more than happy to announce the general availability of Spring Cloud Sleuth 3.1.0. In this blog post we'll describe the most notable released features.

Here is the list of most notable features, we'll elaborate on them in the subsequent parts of this post.

• JDBC #1930
• Tomcat Valve #1329
• Spring Vault #1952
• Automatic tag table generation for documentation #1950
• Spring Cloud Deployer #1947
• R2DBC #1524
• Kafka #2013 and Reactor Kafka #1708
• Spring TX #1941
• Spring Batch #1904
• RSocket #1677
• Spring Cloud Task #1903
• Spring Cloud Config #1915
• Spring Cloud CircuitBreaker Reactive #1910
• Cassandra #1974
• Spring Session #1961
• Spring Security #2011
• Prometheus Exemplars #2039
• Spring Cloud Stream Reactive #2038
• Reactive Mongo #2044
• Abstracted Redis instrumentation #2046
• Custom Actuator for storing traces #1879
…

Hi, Spring fans! Welcome to another installment of This Week in Spring! We've got a ton of stuff to dive into so let's get goin'!

• A Bootiful Podcast: DataStax's Christopher Bradford on the Apache Cassandra operator for Kubernetes, K8ssandra
• Accelerate Spring Apps to Cloud at Scale - Discussion with Azure Spring Cloud Customers
• Spring Authorization Server 0.2.1 available now
• Spring Cloud 2021.0.0 (codename Jubilee) Has Been Released
• Spring Cloud Function 3.2 is out!
• Spring Cloud Sleuth 3.1.0 is out!
• Spring Tips: @Controllers and RSocket
• JSON:API for Spring HATEOAS
• Living with Kubernetes: 12 Commands to Debug Your Workloads
• Hmm. I wonder what Mark Paluch's cooking something awesome with the R2DBC SPI. I wonder what...?
• Nice job, Github Actions! There's now integrated sigstore support! …

Spring Cloud 2021.0.0 is finally out and with it you have Spring Cloud Function 3.2

While the full list of features, enhancements and bug fixes is available here, I’d like to call out few of them in this post and provide some details.

gRPC Support

In addition to an already existing support for invoking function via AWS Lambda, RSocket, Spring Cloud Stream etc., Spring Cloud Function now allows you to invoke function via gRPC. Two ways to benefit from it.

Spring Message

Given the wide adaption of Spring Messaging, one way of benefiting from gRPC support is by embracing Spring's Message. Spring Cloud Function provides GrpcSpringMessage schema modeled after Spring's Message. It is internally converted to Spring Message to benefit from all of the existing support for Spring Messaging…