CVE-2019-3799: Spring Cloud Config 2.1.2, 2.0.4, 1.4.6 Released

Releases | Spencer Gibb | April 17, 2019 | ...

We have released Spring Cloud Config 2.1.2, 2.0.4, and 1.4.6 to address CVE-2019-3799: Directory Traversal with spring-cloud-config-server. Please review the information in the CVE report and upgrade immediately.

These fixes will be included in the next release of the respective Spring Cloud release train.

NOTE: To override the version in Maven, update the dependency to include the version, such as:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-config-server</artifactId>
	<version>2.1.2.RELEASE</version>
</dependency>

Similarly, in Gradle:

dependencies…

Spring Security 5.2.0.M2 Released

Releases | Josh Cummings | April 16, 2019 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M2! This release includes 100+ updates. You can find the highlights below:

OAuth 2.0

gh-6446 - Client Support for PKCE

PKCE isn’t just for native or browser-based apps, but for any time we want to have a public client. Spring Security 5.2 introduces a secure way for backends to authenticate as public clients.

gh-5350 - OpenID Connect RP-Initiated Logout
gh-5465 - Ability to use symmetric keys with JwtDecoder
gh-5397 - Ability for NimbusReactiveJwtDecoder to take a custom processor
gh-6513 & gh-5200

Spring Boot 2.2 M2

Releases | Brian Clozel | April 16, 2019 | ...

On behalf of the team and everyone that contributed, I am pleased to announce that the second milestone of Spring Boot 2.2 has been released and is available from our milestone repository. This release closes almost 100 issues and pull requests.

Highlights of this milestone include:

  • Spring Framework 5.2.0.M1
  • @ConfigurationProperties scanning
  • Immutable @ConfigurationProperties binding
  • Initial RSocket Server Support
  • Lazy Initialization and performance improvements

For a complete list of changes and upgrade instructions, please see the Spring Boot 2.2 Release Notes on the wiki and the updated reference documentation

Spring Cloud Task 2.2.0.M1 is now available

Releases | Glenn Renfro | April 16, 2019 | ...

We are pleased to announce that Spring Cloud Task 2.2.0.M1 is now available on Github and the Pivotal download repository. Many thanks to all of those who contributed to this release.

What’s New?

Spring Cloud Task 2.2.0.M1 is intended to be the version of the framework aligned with Spring Boot 2.2.0. Updates from 2.0.x include:

  • Update all dependencies.
  • Spring Cloud Task compiles and runs on Java 8, 9, 10, 11, 12.
  • Spring Cloud Task Reference documentation has been modernized.
  • Bug Fixes

What Else Is Going On?

Beyond the basics to keep Spring Cloud Task up to date with the rest of the ecosystem…

Spring Data Moore M3 released

Releases | Christoph Strobl | April 11, 2019 | ...

Hot on the heels of Spring Framework 5.2 M1 and just in time for the upcoming Spring Boot 2.2 M2 release, on behalf of the Spring Data team, I’m pleased to announce the availability of the third milestone of the Moore release train.

Notable changes amongst many others:

  • Flow extensions for Kotlin coroutines in Spring Data for Apache Cassandra & MongoDB.
  • MongoDB Json Schema generation from domain Types.
  • Support for BINARY storage type in Spring Data JDBC.
  • Alternative EntityMapper for Elasticsearch.
  • Improved Geospatial query support for Neo4j.
  • Smarter Redis cluster topology caching.

Please find a high-level overview of what has been added in our release wiki. As always, we’re looking forward to your feedback! -> @SpringData

Spring Cloud Data Flow 2.0.2 GA Released

Releases | Ilayaperumal Gopinathan | April 10, 2019 | ...

The Spring Cloud Data Flow team is pleased to announce the release of 2.0.2 GA of Data Flow. Follow the Getting Started guides for running on Local, Cloud Foundry, and Kubernetes.

This is a minor release with mostly bug fixes and documentation enhancements.

Here are the highlights of this release:

  • Improved documentation

    • Docs update for enabling Kafka on Helm Chart

    • Improved architecture diagrams

    • Getting started guide improvements

  • Bug fixes on Spring Cloud Data Flow, Spring Cloud Data Flow UI, and Spring Cloud Deployer implementations

Stay in touch…​

As always, we welcome feedback and contributions, so please reach out to us on Stackoverflow or GitHub or via Gitter

Spring Framework 5.2.0.M1 available now

Releases | Brian Clozel | April 10, 2019 | ...

On behalf of the team and everyone that contributed, I am pleased to announce that the first milestone of Spring Framework 5.2 has been released and is available from our milestone repository. This release closes over 140 issues and pull requests.

This first milestone is packed with features and fixes, including:

  • Many core container improvements, from parsing annotation data with the new MergedAnnotations API to @Configuration class optimizations
  • Support for Kotlin coroutines
  • New WebMvc.fn programming model in the spring-webmvc module providing a functional alternative to annotated controllers that's built on the Servlet API. Now spring-webmvc like spring-webflux offers both functional and annotation-based programming models.
  • Performance improvements in Spring MVC and Spring WebFlux to reduce overhead in request mapping, media type parsing, CORS checks, and more
  • RSocket support including response handling via annotated @MessageMapping methods and performing requests via RSocketRequester

Spring Integration SMB 1.1 GA Available

Releases | Artem Bilan | April 10, 2019 | ...

On behalf of Spring Integration team I am pleased to announce that the 1.1.0.RELEASE for the Spring Integration Extension for SMB is available.

It can be downloaded from Maven Central, JCenter, and our release repository:

compile "org.springframework.integration:spring-integration-smb:1.1.0.RELEASE"

I would like to thank Gregory Bragg for awesome contribution to this project in regards to update it to the latest client library version to support SMB v2 & 3!

You can learn more about this extension on its GitHub page.

Any feedback, feature ideas, critics, bug reports and questions are welcome…

Spring Boot 2.1.4 released

Releases | Phil Webb | April 04, 2019 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Boot 2.1.4 has been released and is now available from repo.spring.io and Maven Central.

This is a maintenance release that includes a number of important dependency updates and bug fixes.

Since 1.5 will be end of life in august, all users should now be considering an upgrading to Spring Boot 2.1.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all