The Spring Blog

This Week in Spring - August 30th, 2016

Welcome to another installment of This Week in Spring! This week I’ve been in San Francisco, (where I live and) where I addressed the Silicon Valley Spring User Group. Now it’s off to beautiful China to bring some Spring and Pivotal (and, maybe, take a little vacation!)

As usual, we have a lot to get to so let’s!

Read more...

Spring Web Services 2.3.1/2.4.0 are released

Greetings Spring community,

Spring Web Services has just released versions 2.3.1.RELEASE and 2.4.0.RELEASE.

2.3.1.RELEASE is a minor patch release.

2.3.1 Release Notes | 2.3.1 Documentation.

2.4.0.RELEASE rebases Spring Web Services to run on Spring Framework 4.2.x & Spring Security 4.0.x, the stable baselines behind Spring 4.3/Spring Security 4.1. At the same time, it remains compatible with Java 7. This version includes changes to the code base making it forward compatible with Spring 4.3 and 5.0, so you are free to move up to whichever version of Spring/Spring Security you wish to use.

Read more...

Check your Spring Security SAML config - XXE security issue

It was brought to our attention that the spring-security-saml sample application contained an XML External Entity (XXE) vulnerability. This meant that a malicious user could view any file that the Spring Application’s process had access to.

The issue was a direct result of "OpenSAML Java ParserPool and Decrypter Vulnerable To XML Attacks". The default behavior of the ParserPool implementations is fixed in OpenSAML 2.6.1+ (which Spring Security SAML uses). However, the vulnerability is still possible if users construct their own ParserPool without the proper settings.

Read more...

This Week in Spring - August 23, 2016

Welcome to another installment of This Week in Spring! This week I’m in NYC (for the NYC Java SIG), Austin and San Francisco (for the Silicon Valley Spring User Group) talking to customers and doing meetups! We’ve got a lot to cover, as usual, so let’s get to it!

Read more...

Spring Cloud Spinnaker 1.0.0.M1

Greetings Spring community,

I am happy to release the first milestone for Spring Cloud Spinnaker. Spring Cloud Spinnaker bundles up the continuous delivery Spinnaker platform, and provides a 1-click installer to let you install it to any certified Cloud Foundry provider.

At this year’s SpringOne Platform 2016 conference, there were two talks about Spinnaker. If you have early release access and missed them, you can watch right now. Otherwise you can catch them on the SpringDeveloper YouTube Channel once they are published.

Read more...

This Week in Spring - August 16th, 2016

Welcome to another installment of This Week in Spring! Since we last spoke I’ve presented at conferences and to customers in London, Beijing, Shanghai and Singapore - where I am now. Tomorrow, Wednesday, I’ll be speaking at the Singapore Spring Meetup - join me! It’s been quite a few days!

Read more...

Managing your Database Secrets with Vault

In my previous post about Managing Secrets with Vault, I introduced you to Vault and how to store arbitrary secrets using the generic secret backend. Vault can manage more than just secret data like API keys, passwords, and other sensitive string-like data. Today we’re taking a look at Vault’s integration with databases, services, and certificates.

Database credentials tend to be static

When it comes to databases, the regular workflow for getting database credentials is asking some operator or a self-service tool to give you credentials so your application can log into the database. At this point, credentials are considered static. Credentials usually get changed if the database is migrated or if there’s a security breach.

Read more...

This Week in Spring - August 9th, 2016

Welcome to another installment of This Week in Spring! This week I’m recovering from a crazy awesome week at SpringOne Platform while visiting customers here in summer-time London.

We’ve got a lot to cover so let’s get to it!

Read more...

SpringOne Platform 2016 Recap: Day 2

by Josh Long and Pieter Humphrey

The excitement has continued at full speed ahead! Today we continued the exploration of how Pivotal is empowering developers to deliver better software and business value for their organizations.

Spring

Reactive has been a key theme at SpringOne Platform 2016. Microservices highlight the need for reactive programming. It’s a truly intense moment for the Spring team as they (re)consider a decade of synchronous programming practices and implementation. While we are starting with an MVC-like model in web applications, modern cloud native applications will ultimately require reactive options from end to end. This is just the beginning.

Read more...

This Week in Spring - SpringOne Platform 2016 edition! - August 2nd, 2016

Welcome to another very special installment of This Week in Spring - this week Pivotal is out in force at SpringOne Platform 2016. This year saw more people, more topics and more sponsors than ever! For more, check out our SpringOne Platform recap blog!

If you’re not here, then fear not: all the talks will be available online, but until then... wish you were here! As with previous years, the race to SpringOne was filled with awesome releases that should keep you more than busy while you wait for the talks to be available online as replays! Let’s get to it!

Read more...