I am pleased to announce the first milestone release of Spring for GraphQL 1.2.0 is now available from our Milestone repository. This version will be shipped with Spring Boot 3.1.0-M2 due for release this Thursday.

This first milestone raises the baseline to GraphQL Java 20.0 and we will align with the new GraphQL Java release policy in the future. We are also upgrading to the next generations of Spring Framework, Spring Data and Spring Security.

Pagination Support

When it comes to navigating large result sets with GraphQL, the Cursor Connection Specification is very popular. With the features…

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Framework 6.0.7 and 5.3.26 versions are available now.

Spring Framework 6.0.7 ships with 28 fixes and documentation improvements, including 2 fixes for regressions. Spring Framework 5.3.26 ships with 40 fixes and documentation improvements.

Those versions fix the following CVEs:

• cve-2023-20860: Security Bypass With Un-Prefixed Double Wildcard Pattern
• cve-2023-20861: Spring Expression DoS Vulnerability

Those versions will be shipped with Spring Boot 3.0.5 and 2.7.10, to be released Thursday. In…

On behalf of the team, I am pleased to announce that Spring Framework 5.2.23.RELEASE is available now. This release has been requested by Spring Framework commercial support customers and is available on Maven Central.

Spring Framework 5.2.23.RELEASE ships with 3 fixes, including a fix for the following CVE:

• cve-2023-20861: Spring Expression DoS Vulnerability.
• 5.2.22.RELEASE was not vulnerable to cve-2023-20860, so no fix was required.

This version will not be shipped with a Spring Boot release as 2.3.x is out of commercial support. You can manually upgrade Spring Framework in your Spring Boot Maven or Gradle builds. Upgrading to a supported Spring Boot version is…

On behalf of the team, I’m pleased to announce the availability of the 3rd Milestone of the Spring Data 2023.0 release train as well as service releaes 2022.0.4 & 2021.2.10. These releases ship with improvements, including fixes for regressions.

The upcoming Spring Boot 3.0.5 and 2.7.10 releases are going to pick up the service releases for your convenience.

New features included in 2023.0.0 Milestone 3 are amongst others:

• A new scroll API to support offset and key based pagination
• Improvements in JPA query parsing for HQL and JPQL
• Support for MongoDB's explicit field level encryption
• Aggregate reference request parameters in Data REST
…

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Vault 3.0.2 and 2.3.3 versions are available now.

Spring Vault 3.0.2 ships with 7 fixes and documentation improvements Spring Vault 2.3.3 ships with 13 fixes and selected improvements.

Those versions fix the following CVE:

CVE-2023-20859: Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens

Those versions will be shipped with Spring Cloud in the next days. Until then, please override the dependency version in your project.

For Gradle builds in build.gradle:

…

Dear Spring Community,

I am happy to announce the 4.18.0 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

updates to the Spring Tools 4 for Eclipse distribution

• updated to Eclipse 2023-03 release (new and noteworthy)

important highlights

• (Spring Boot): new and vastly improved content-assist for Spring Data repository query methods (thanks to contributions from @danthe1st)
• (Spring Boot): the additional reconciling of Spring Boot projects to show Spring specific validations, outdated versions and more, now reports progress, runs faster, and uses less memory - please consider using this and tell us about your experiences and if you hit issues while having this feature enabled
• (VSCode): fixed an extremely annoying issue that caused regular Java content-assist in VSCode to stop working after a short while
• (Eclipse): a bug in m2e got fixed and is included in this release, which caused resource files (e.g. application.properties) to not be copied into the target folder anymore. This works again and automatically copies your changed application.properties…

On behalf of the team and everyone who has contributed, we are very excited to announce the 2.10.2 release of Spring Cloud Data Flow is now available from Maven Central. Release Notes

Spring updates

Updates to the following versions:

• Spring Boot 2.7.9

Stay in touch...

Project Page Data Flow Mini-site

As always, we welcome feedback and contributions, so please reach out to us on Stackoverflow or GitHub.

I am excited to announce the availability of Spring Modulith 0.5. The most relevant features the release ships are:

• #152 – A dedicated starter to ease inclusion of actuator and observability features
• #163 – The renamed property to trigger JDBC database initialization. (spring.modulith.events.schema-initialization.enabled -> spring.modulith.events.jdbc-schema-initialization.enabled)
• #149 – Default to await termination of task executors unless configured not to
• #150 – Scenario should run stimulus in new transaction
• #162, #154 – The usual dependency upgrades (Spring Boot 3.0.4, jMolecules 2022.2.4)
…

On behalf of the team, I’m pleased to announce the availability of Spring Data 2022.0.3 and 2021.2.9 service releases. These releases ship with improvements, including fixes for regressions. Some of them were important enough that we decided to release this version early, outside of the usual schedule.

The upcoming Spring Boot 3.0.4 release is going to pick up Spring Data 2022.0.3 for your convenience. If you want to upgrade your Spring Boot 2.7.x application to use Spring Data 2021.2.9, then use the version property mechanism to specify the Spring Data BOM version:

Maven POM:

<properties…