CVE-2016-9879: Spring Security 3.2.10, 4.1.4, 4.2.1 Released

Releases | Rob Winch | December 22, 2016 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 3.2.10, 4.1.4, and 4.2.1 which fix CVE-2016-9879. Users are encouraged to update immediately.

It is important to note that Spring Framework 3.2.x has reached EOL. As with Spring Framework, we expect all users to upgrade to 4.2.1+ for further support. Detailed instructions (including samples) on migrating both XML and Java Config based projects can be found in the reference appendix

Project Site | Reference | Guides | Help

Spring LDAP 2.2.1 & 2.3 RC1 Released

Releases | Rob Winch | December 22, 2016 | ...

On behalf of the community, I’m pleased to announce the release of Spring LDAP 2.2.1 and 2.3 RC1.

A special thanks to Mark Paluch for getting spring-data-ldap aligned on the Spring Data side!

Spring LDAP 2.3 RC1

This release brings in a new era for Spring Data compatibility. Integration for Spring LDAP and Spring Data has been moved to spring-data-ldap so that it can partake in the Spring Data release train and ensure compatibility with the latest and greatest Spring Data code base. For additional details refer to the changelog

Spring LDAP 2.2.1

This release contains some minor bug fixes along with an update to make updates to newer versions of Spring Data more seamless. For additional details refer to the changelog

Spring Tool Suite 3.8.3 released

Releases | Martin Lippert | December 22, 2016 | ...

Dear Spring Community,

I am happy to announce the 3.8.3 release of the Spring Tool Suite, our Eclipse-based tooling.

STS 3.8.3 focuses on adopting Eclipse Neon.2 and fixing existing issues. The list of changes include:

  • Updated to Eclipse Neon.2
  • Added support for one-time passcode for Cloud Foundry targets in the Spring Boot Dashboard
  • Added support for WAR packaging of Spring Boot apps when deploying them to CF in the Spring Boot Dashboard
  • Added support for health-check in Cloud Foundry manifest files
  • Fixed a number of most-reported errors from the automated error reporting
  • and more...

To download the distributions, please go visit:

Detailed new and noteworthy notes can be found here: STS 3.8.3 New & Noteworthy.

Enjoy!

Spring Framework 4.3.5, 4.2.9 and 3.2.18 available now

Releases | Stéphane Nicoll | December 21, 2016 | ...

It is my pleasure to announce that the Spring Framework 4.3.5, 4.2.9 and 3.2.18 maintenance releases are available now.

4.3.5 is a significant refinement release with 37 enhancements (including e.g. WebSocket support for the recently released Jetty 9.4) and several bug fixes, serving as the basis for the upcoming Spring Boot 1.4.3 release.

Please note that the 4.2.9 and 3.2.18 bug fix releases are the last in their respective line, with 4.2.x being superseded by 4.3.x now and 3.2.x reaching its EOL point. Going forward, we expect all users to upgrade to 4.3.5+ for further support.

All three releases also fix a path traversal vulnerability (CVE-2016-9878) in ResourceServlet. If you happen to be among its rare users, please upgrade ASAP. Note that this functionality has been superseded for years already and will get removed in 5.0, so we actually recommend a migration to Spring MVC's resource handling features within a DispatcherServlet

Spring Session 1.3.0 Released

Releases | Rob Winch | December 16, 2016 | ...

On behalf of the community, I’m pleased to announce the release of Spring Session 1.3.0.RELEASE. This release evolved through 1.3.0.M1, 1.3.0.M2, 1.3.0.RC1, and 1.3.0.RELEASE

What’s New in Spring Session 1.3.0.RELEASE

You can find highlights of what’s new in the What’s New in Spring Session 1.3.0.RELEASE section of the reference. For details refer to the changelog links above.

Contributions

Without the community we couldn’t be the successful project we are today. I’d like to thank everyone that created issues & provided feedback.

Feedback Please

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping me @rob_winch or Joe @joe_grandja

Dependency Management Plugin 1.0.0.RC1

Releases | Andy Wilkinson | December 16, 2016 | ...

It's my pleasure to announce that 1.0.0.RC1 of the Dependency Management Plugin has been released. It's available from Gradle's Plugin Portal as well as Maven Central and Bintray.

What's new?

The plugin's been rewritten in Java and its API has been formalised. A clear separation between that API and the plugin's internals has been introduced. This has required a few breaking changes but you are unlikely to be affected if you were using the Groovy DSL.

Converting to Java and formalising the API has also enabled a couple of enhancements:

### Official support for Gradle 3

Previously, the plugin was written in Groovy and attempted to support Gradle 1, 2, and 3. This proved to be overly ambitious. The two main problems were binary incompatibilities across the three different Groovy runtimes (1.8, 2.3, and 2.4) and breaking changes across the three versions of Gradle. To address these, the Gradle team's recommendation was to rewrite the plugin in Java and to drop support for Gradle 1.x. This release does just that, with the plugin's main code now being 100% Java and Gradle 2.9 now being the minimum supported version. As a result, Gradle 3.x is now officially supported and it should be easier to support new versions of…

Spring Statemachine 1.2.0 Released

Releases | Janne Valkealahti | December 15, 2016 | ...

We’re pleased to announce a release of Spring Statemachine 1.2.0.RELEASE. Artifacts are available either from Maven Central or from Spring Repository.

Let's see what we did for this initial 1.2.x release

  • Usual bug fixes and small enhancements.
  • Support for UML submachines.
  • New Spring Data Repository abstraction keeping machine configurations in an external repository with built-in support for Redis, MongoDB and JPA.
  • New samples.
  • New support for state do actions.
  • New monitoring and tracing API's.
  • Initial support for Spring Boot auto-config.
  • New transition and state error action concepts.

There's no changes from a final release candicate but full history is available from changelog

Reactor Kafka 1.0.0.M1 released

Releases | Rajini Sivaram | December 15, 2016 | ...

We are pleased to announce the release of the first milestone of Reactor Kafka 1.0.0.

What is Reactor Kafka?

Reactor Kafka is a reactive API for Apache Kafka based on Project Reactor. Reactor Kafka API enables messages to be published to Kafka topics and consumed from Kafka topics using functional APIs with non-blocking back-pressure and very low overheads. This enables applications using Reactor to use Kafka as a message bus or streaming platform and integrate with other systems to provide an end-to-end reactive pipeline.

The value proposition for Reactor Kafka is the efficient utilization of…

Spring Integration 5.0 Milestone 1 Available

Releases | Gary Russell | December 02, 2016 | ...

We are pleased to announce that the first milestone for the 5.0 version of Spring Integration is now available.

This is a new major version, based on Spring Framework 5.0 and requires Java 8; this is the biggest change so far, but the following are also included:

  • The Java DSL is now rolled into the framework itself; there are some minor changes to the DSL, such as the removal of the .handleWithAdapter() methods and some general Factory classes. A complete discussion of the DSL changes can be found in the Migration Guide.

  • Upgrade to Spring Data Kay.

  • Upgrade to Spring AMQP 2.0.

  • First class support for TCP/UDP has been added to the DSL.

  • Spring Integration is now based on Reactor 3.0 and Messaging Gateway Promise methods now have to be changed to return Mono.

  • You can now configure mid-flow transactions via TransactionHandleMessageAdvice for adviceChain Messaging Annotations attribute and <transactional> sub-element when using XML configuration.

Spring Statemachine 1.2.0.RC1 Released

Releases | Janne Valkealahti | December 01, 2016 | ...

We’re pleased to announce a release candicate of Spring Statemachine 1.2.0.RC1. Artifacts are available from Spring Repository.

What we got into this release:

  • Usual bug fixes and small enhancements
  • New api's for tracing and monitoring
  • New monitoring sample
  • Full repository config support for Redis, MongoDB and JPA
  • Boot auto-config enhacements
  • Lot of documentation enhacements

Full changes as usual are available from changelog. We're planning to fire up 1.2.0.RELEASE before xmas and possibly do a second release candicate if any major issues are found.

Thank you for all who have contributed in…

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all