Spring Security 6.0.0-M5 available now

Releases | Steve Riesenberg | May 18, 2022 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.0.0-M5 is available now.

This release includes dependency upgrades, bug fixes, and minor enhancements as well as a fix for a bug where the StrictHttpFirewall incorrectly rejects valid CJKV characters. The milestone contains a few noteworthy changes:

  • Authorization on Every Dispatch Type

  • Change the default of shouldFilterAllDispatchTypes to true

  • Default to SecurityContextHolderFilter instead of SecurityContextPersistenceFilter

  • Remove SAML Deprecations

See the release notes here and here for more…

Spring Batch 4.3.6 and 5.0.0-M3 available now

Releases | Mahmoud Ben Hassine | May 18, 2022 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Batch 4.3.6 has been released to Maven Central and that Spring Batch 5.0.0-M3 is now available from our milestone repository.

Spring Batch 4.3.6 is a patch release that comes with a number of bug fixes, enhancements, and dependency updates. For more details about the changes, see the change log.

This blog post is more about 5.0.0-M3, which comes with three major features:

  • Native support improvements
  • UTF-8 by default
  • New Maven Bill of Materials

Moreover, this milestone release comes with a number of enhancements, bug fixes, and dependency updates. See the change log

Spring Data 2021.2 and 2022.0 M4 released.

Releases | Christoph Strobl | May 13, 2022 | ...

On behalf of the Data Team and everyone who contributed, I'm pleased to announce the GA release of the 2021.2 release train as well as the 4th Milestone of the 2022.0 one.

Already working on the 2022.0 train, based on Spring Framework 6, Java17 and Jakarta EE 9, the 2021.2 release ships bug fixes and selected back ported features.

Other than dependency upgrades, these are some of the major changes:

  • Infrastructure to introspect a projection type.
  • Common infrastructure for property-specific value converters.
  • Improved support for IdClass handling in data-jpa.
  • Declarative Update methods in data-mongodb.
  • Reindexing support in data-elasticsearch.
  • Direct projections for data-cassandra.
  • ACL support for Redis Sentinels.
  • Lock and Null precedence support for JDBC.
  • Query Rewriter for JPA.

Spring Framework 5.3.20 and 5.2.22 available now

Releases | Brian Clozel | May 11, 2022 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.3.20 and 5.2.22 are available now.

Spring Framework 5.3.20 includes 14 fixes and improvements. Spring Framework 5.2.22 includes 2 backports.

In addition, these releases include fixes for 2 vulnerabilities:

  • CVE-2022-22970 "Spring Framework DoS via Data Binding to MultipartFile or Servlet Part" Denial of Service (DoS) attack in Spring MVC or Spring WebFlux applications that handle file uploads and rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. Severity: Medium

  • CVE-2022-22971 "Spring Framework DoS with STOMP over WebSocket"
    Denial of service (DoS) attack by authenticated users in Spring applications with a STOMP over WebSocket endpoint. Severity: Medium

Spring Cloud 2021.0.2 Has Been Released

Releases | Olga Maciaszek-Sharma | April 26, 2022 | ...

On behalf of the community, I am pleased to announce that the Service Release 2 of the Spring Cloud 2021.0 Release Train is available today. This was primarily a bug fix release. The release can be found in Maven Central. You can check out the 2021.0.2 release notes for more information.

Notable Changes in the 2021.0.2 Release Train

See the project page for all issues included in the release.

Spring Cloud Commons

Spring Tools 4.14.1 released

Releases | Martin Lippert | April 26, 2022 | ...

Dear Spring Community,

I am happy to announce the 4.14.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

fixes and improvements

  • (Spring Boot) fixed: use startupSnapshot instead of startup timer call to avoid wiping out the underlying data
  • (Spring Boot) fixed: When vscode opens a Java project for about 2 hours, the suggestion function will fail (#750)
  • (VSCode) enhancement: live hovers are now automatically show up when you launch a Spring Boot application in VSCode. Additional JVM args for the Spring Boot app to enable JMX are added to the launch automatically. More details can be found in the user guide section about Live Application Information.
  • (VSCode) enhancement: add extension APIs to get live data (#751

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all