close

Spring Integration Zip 1.0.4 & CVE-2021-22114

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce 1.0.4.RELEASE version for Spring Integration Zip extension.

CVE-2021-22114

The UnZipTransformer doesn’t cover all the cases for Zip Slip Vulnerability and some particular zip entry names may still end up outside of working directory.

The updated fix has been released in the spring-integration-zip-1.0.4.RELEASE version together with some other bug fixes and improvements. We also have published a new advisory for CVE-2021-22114.

Credit: Trung Pham, Viettel Cyber Security.

Everybody who’s using unzip feature from Spring Integration Zip is encouraged to upgrade respectively.

Cheers, 
Artem

Read more

Spring Initializr 0.10.0 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Initializr 0.10.0 has been released and is now available from Maven Central.

This release includes 27 fixes, improvements and dependency upgrades.
Thanks to all those who have contributed with issue reports and pull requests.

For full upgrade instructions and new and noteworthy features please see the release notes.

GitHub | Issues | Documentation | Stack Overflow | Gitter

Read more

Spring HATEOAS 1.3 M2 released

For all users building hypermedia based API, I’d like to announce that we shipped Spring HATEOAS 1.3 M2. We ship two major themes with the release:

Read more

Spring Boot 2.5.0-M2 available now

Continuing our monthly milestone release cadence, I am pleased to announce that the second milestone of Spring Boot 2.5 has been released and is available from our milestone repository. This release adds a number of new features and bug fixes.

Highlights of this milestone include:

  • Layered WARs support for use with Docker
  • Custom Buildpack Builder Support
  • Jetty 10 Support
  • Early Support for Gradle 7

We’ve also made some significant behind-the-scenes changes to do with the way that schema.sql and data.sql files are processed. If you use those features, please try the milestone and let us know if you find any issues.

Read more

Spring Boot 2.4.3 is now available

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.4.3 has been released and is now available from Maven Central.

This release includes 75 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

Spring Boot 2.3.9 is now available

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.3.9 has been released and is now available from Maven Central.

This release includes 47 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

Spring Data 2021.0 M4, 2020.0 SR5, Neumann SR7 and Moore SR13 released

On behalf of the team, I’m pleased to announce Spring Data service releases 2020.0 SR5, Neumann SR7, Moore SR13 and the 4th Milestone of the upcoming 2021.0 iteration.

The attentive reader might have noticed that 2021.0 M3 and 2020.0 SR4 have been hiding out of sight. Well, a tiny glitch made us redo those releases right away for an upgrade without surprises.

For your convenience Spring Boot will pick up the artifacts with its upcoming releases.

2021.0 M4

Read more