We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources Users are encouraged to update immediately.
One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. User’s can refer to the Javadoc and reference for additional information on how to configure it.
We are pleased to announce the availability of the following maintenance releases; users are encouraged to upgrade at the earliest opportunity.
Spring Integration for Apache Kafka 3.0.1
Spring Integration 4.3.13, Spring AMQP 1.7.6 will be used in the upcoming Spring Boot 1.5.10 release. Spring Integration 5.0.1, Spring AMQP 2.0.2 and Spring for Apache Kafka 2.1.2 will be used in the upcoming release candidate for Spring Boot 2.0.
See the respective project pages at spring.io/projects…
This post was authored by Vedran Pavić
On behalf of the community I’m pleased to announce the release of Spring Session 2.0.1.RELEASE. This maintenance release is focused primarily on addressing a classloading related regression when using a Redis backed session store in combination with Spring Boot’s DevTools.
You can find the complete details of the release in the changelog.
If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping Rob @rob_winch, Joe @joe_grandja, or me @vedran_pavic on…
On behalf of the Spring Data team, I’d like to announce the Ingalls SR10 and Kay SR3 service releases. The Ingalls service release ships on top of the just-released Spring Framework 4.3.14 and in preparation of the upcoming Spring Boot 1.5.10 release. The Kay service release picks up Spring Framework 5.0.3 in and will be picked up by Spring Boot 2.0 RC1 for your convenience.
Both releases ship with 105 tickets fixed in total and are recommended upgrades to all users of the Ingalls and Kay release trains. You can find all details within the linked changelogs.
We are pleased to announce the 1.3.0.RC1 release of the Spring Cloud Data Flow and its associated ecosystem of projects.
Follow the Getting Started guides for Local Server, Cloud Foundry, and Kubernetes.
To simplify the overall experience of opting into using Skipper to deploy streams, a feature toggle provides you the ability to switch between skipper mode and the previous 'classic' mode. The feature toggle is used in both the Shell and the Server. The default value is to use the 'classic' non-skipper mode. To enable skipper mode, pass in the…
Dear Spring community,
I’m pleased to announce that Spring Framework 5.0.3 and 4.3.14 are available now, as another pair of refinement releases which are recommended as immediate upgrades for all users. Our 5.0.3 release is the foundation for the upcoming Spring Boot 2.0 RC1 release next week, and 4.3.14 will be picked up by Boot 1.5.10 around the same time.
Spring Framework 5.0.3 comes with fresh support for Kotlin 1.2.20, Reactor Core 3.1.3 and JUnit 5.0.3 and has been successfully tested on the latest JDK 10 early-access builds already. It also includes fixes for a few recent regressions and selected refinements in the WebFlux APIs, just in time for moving 5.0.x into maintenance mode and preparing for the 5.1 line…
On behalf of the team, I am pleased to announce the release of Spring Cloud Skipper 1.0 RC1.
Skipper is a lightweight tool that allows you to discover Spring Boot applications and manage their lifecycle on multiple Cloud Platforms. You can use Skipper standalone or integrate it with Continuous Integration pipelines to help implement the practice of Continuous Deployment.
The 1.0 RC1 release fixes several bugs and introduces a some new features.
Greetings Reactive Spring community!
While the team is still working heavily on the 3.1 line, we also wanted to give the community a chance to get a sneak peek at what’s coming for the future 3.2 line.
In particular, the big goodie slated for 3.2.0.RELEASE is the addition of what we’ve been calling "error mode", "continue mode" or lately more officially "error strategy".
It is simple, really: what if exceptions in user code that get executed within operators could be recovered from, allowing the sequence to continue?
Let’s take an example, and imagine you have the following method:
…This post was authored by Vedran Pavić
On behalf of the community I’m pleased to announce the release of Spring Session 2.0.0.RELEASE. This release evolved through 2.0.0.M1, 2.0.0.M2, 2.0.0.M3, 2.0.0.M4, 2.0.0.M5, 2.0.0.RC1, 2.0.0.RC2 and 2.0.0.RELEASE, closing over 130 issues and pull requests in total.
You can find highlights of what’s new in the What’s New 2.0 section of the reference. For details refer to the changelog links above.
This release moves to Java 8 and Spring Framework 5.0 as baseline requirements. Entire codebase is based on Java…
On behalf of the community, I am pleased to announce that the Service Release 1 (SR1) of the Spring Cloud Edgware Release Train is available today. The release can be found in Maven Central. You can check out the Edgware release notes for more information.
The following modules were updated as part of Edgware.SR1:
| Module | Version |
|---|---|
| Spring Cloud Gateway | 1.0.1.RELEASE |
| Spring Cloud Stream | Ditmars.SR3 |
| Spring Cloud Config | 1.4.1.RELEASE |
| Spring Cloud Netflix | 1.4.2.RELEASE |
| Spring Cloud Commons | 1.3.1.RELEASE |
| Spring Cloud Consul | 1.3.1.RELEASE |
| Spring Cloud Sleuth | 1.3.1.RELEASE |
| Spring Cloud Security | 1.2.2.RELEASE |
| Spring Cloud Contract | 1.2.2.RELEASE |
VMware offers training and certification to turbo-charge your progress.
Learn moreTanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreCheck out all the upcoming events in the Spring community.
View all