CVE Reports Published for Reactor Netty

News | Rossen Stoyanchev | February 27, 2020 | ...

The following CVE reports were published today:

  • CVE-2020-5403 affecting Reactor Netty HttpServer 0.9.3 and 0.9.4.
  • CVE-2020-5404 affecting Reactor Netty HttpClient for all 0.8.x and 0.9.x versions in applications where the automatic following of redirects is explicitly enabled.

The fixes are in Reactor Netty 0.9.5 and 0.8.16. If using the reactor-bom, you can upgrade to Dysprosium-SR5 or Californium-SR16.

Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot application, you can upgrade to Spring Boot 2.2.5 or 2.1.13.

Announcing: The NEW Spring Website!

News | Ben Wilcock | February 14, 2020 | ...

Spring is constantly evolving and always innovating while being consistent where it matters: delivering a reliable framework to help you build maintainable software, faster. In the last few years, the Spring contributors have worked hard to bring the predictable Spring experience to microservices, serverless, streams, reactive, batch, data, and new languages like Kotlin. Over the coming year, you'll see many more examples of this, including some cool new features that we're just dying to share with you.

However, there was one area of Spring that we felt was desperately in need of some love and…

Spring Security OAuth 2.0 Roadmap Update

News | Josh Cummings | November 14, 2019 | ...

Note

See the latest announcement on Announcing the Spring Authorization Server. This post is a follow-up to Next Generation OAuth 2.0 Support with Spring Security

Current State

In the Spring Security 5.x release train, we’ve endeavored to replace and simplify the feature set found in the Spring Security OAuth 2.x legacy project. In the process, we’ve also added numerous new features, including support for OpenID Connect 1.0.

We are pleased to announce that as of the 5.2 release, we are very close to feature parity with the client and resource server legacy support. What remains is quite…

Webinar: Boosting Microservice Performance with Kafka, RabbitMQ, and Spring

News | Mark Heckler | May 30, 2019 | ...

Speaker: Mark Heckler, Pivotal

In today’s microservices-based world, many mission-critical systems have distributed elements or are entirely distributed. Ideally, these architectures should improve things such as performance, scalability, reliability, and resilience—but subpar design can limit those strengths, or worse yet, turn them into challenges that need to be overcome.

Messaging platforms help solve these problems and improve the "ilities," but they come with a few complexities of their own. This webinar will teach you how to use open-source solutions like Spring Cloud Stream, RabbitMQ…

Legacy forums will be shutdown February 28

News | Brian Dussault | February 06, 2019 | ...

In 2014, we announced the retirement of our legacy forum, forum.spring.io, in favor of providing an improved community experience on stackoverflow.com. As part of that announcement, we put our forum into read-only mode, preserving forum posts that were referenced in various Spring issue trackers.

On February 28, 2019, we plan to take the forum completely offline. In preparation for this end-of-life activity, we have gone through our issue trackers and identified links to forum.spring.io that contain supplementary information related to an issue. Based on this analysis, we have either copied…

Project Update: Spring Cloud Data Flow for Apache Mesos and Apache YARN

News | Mark Pollack | November 01, 2018 | ...

Dear Spring community,

The Spring Cloud Data Flow team have been happy stewards of the Spring Cloud Deployer and Spring Cloud Data Flow implementations of Apache Mesos and Apache YARN.

We now feel that TrustedChoice.com will be a better home for Apache Mesos implementation of Spring Cloud Deployer and Spring Cloud Data Flow, and we are donating the projects to them to carry it forward.

The development will now be managed directly by the team (Adam J. Weigold, Phil Egelston, Justin Mathieu, and Cole Anderson) at TrustedChoice.com, as the Spring Cloud Data Flow team will no longer maintain it.

Spring Cloud Edgware EOL Aug 1st 2019

News | Spencer Gibb | July 30, 2018 | ...

Spring Cloud Edgware will follow the Spring Boot 1.x EOL announcement. We will cease maintenance of the Edgware release train twelve months from today, on Aug 1st 2019.

We will keep publishing occasional Edgware service releases up until that point and will then end the release train.

As a reminder, the Camden release train has reached EOL, and Dalston will reach EOL at the end of December 2018.

Existing Spring Cloud users should plan accordingly to ensure that they have upgraded to the latest Finchley+ version before that date. Also, please note that Spring Cloud Finchley and later requires…

Spring Boot 1.x EOL Aug 1st 2019

News | Phil Webb | July 30, 2018 | ...

All good things must come to an end, and for the 1.x line of Spring Boot that means we will need to cease maintenance twelve months from today, on Aug 1st 2019.

We will keep publishing occasional 1.5.x maintenance releases up until that point and will then end the branch.

Existing Spring Boot 1.x users should plan accordingly to ensure that they have upgraded to the latest 2.x version before that date. Please also note that Spring Boot 2.0 and above requires Java 8+, so if you're running Java 6 or 7 you should also plan on upgrading your JDK.

For detailed instructions on what you'll need to do to upgrade a Spring Boot 1.5 application to 2.0, check out the migration guide

Spring IO Platform end-of-life announcement

News | Andy Wilkinson | April 09, 2018 | ...

Maintenance of the Spring IO Platform will end twelve months from today, 9 April 2019, and the project will be moved to the attic. Maintenance releases of both the Brussels and Cairo lines will continue to be published up until that time.

When the Platform was first introduced almost four years ago it provided dependency management for a number of projects that were not managed by Spring Boot. In recent releases that number has decreased and would have continued to do so in the future as the Spring portfolio continues to evolve.

The decreasing difference between Spring Boot's dependency management and the Platform's dependency management means that offering the Platform as a separate choice no longer makes sense. All users of the Platform are encouraged to start using Spring Boot's dependency management directly, either by using spring-boot-starter-parent as their Maven project's parent, or by importing the spring-boot-dependencies

Spring for Apache Hadoop project End-Of-Life announcement

News | Thomas Risberg | April 05, 2018 | ...

Dear Spring community,

The Spring team hereby announces that the Spring for Apache Hadoop project will reach End-Of-Life status twelve months from today on April 5th, 2019. We will publish occasional 2.5.x maintenance releases as needed up until that point and will then move the project to the attic. The current Spring for Apache Hadoop 2.5.0 release is built using Apache Hadoop version 2.7.3 and should be compatible with the latest releases of the most popular Hadoop distributions.

The Spring Cloud Stream App Starter - HDFS Sink applications rely on the Spring for Apache Hadoop project…

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all