On behalf of the Spring, Apache Geode and VMware GemFire communities, it is my pleasure to announce new releases of Spring Boot for Apache Geode & VMware GemFire (SBDG).

SBDG 1.1.9.RELEASE is now available and builds on Spring Boot 2.1.16.RELEASE, Spring Data Lovelace-SR19 and Spring Session Bean-SR11.

SBDG 1.2.9.RELEASE is now available and builds on Spring Boot 2.2.9.RELEASE, Spring Data Moore-SR9 and Spring Session Corn-SR3.

SBDG 1.3.1.RELEASE is now available and builds on Spring Boot 2.3.1.RELEASE, Spring Data Neumann-SR2 and Spring Session Dragonfruit-RELEASE. In addition, this release pulls in the new Spring Test for Apache Geode & VMware GemFire (STDG) 0.0.17.RELEASE with some nice additions there, discussed under What’s New…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 2.1.16 has been released and is now available from repo.spring.io and Maven Central.

This release includes 21 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 2.2.9 has been released and is now available from repo.spring.io and Maven Central.

This release includes 40 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 2.3.2 has been released and is now available from repo.spring.io and Maven Central.

This release includes 88 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter…

On behalf of the team, I'm pleased to announce a Spring Data release triple feature: Neumann SR2, Moore SR9, and Lovelace SR19. These service releases are built on top of Spring Framework releases 5.2.8 (Neumann and Moore) and 5.1.17 (Lovelace) and ship with mostly dependency upgrades and fixes, along with a few selected improvements.

Spring Data Neumann SR2 contains 70 improvements and fixes. Spring Data Moore SR9 ships with 35 fixes and improvements. Last, Spring Data Lovelace SR19 includes 23 selected fixes.

All service releases will be picked up by the upcoming Spring Boot 2.3.2, 2.2.9, respective 2.1.16 releases for…

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce a number of maintenance releases for Spring Integration. Mostly these versions contain bug fixes and dependency upgrades.

CVE-2020-5413

The Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when the incoming data contains malicious code for execution during deserialization.

In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration calls kryo.setRegistrationRequired(true); (trust no one) by default and pre-configures out-of-the-box Message<?> implementations as trusted classes. All other types have to be registered with Kryo using any available KryoRegistrar strategy injected into a PojoCodec…

On behalf of the team and everyone who has contributed, I am pleased to announce a full round of Spring Framework releases.

Spring Framework 5.2.8 includes 36 fixes and improvements. Spring Framework 5.1.17 includes 15 selected fixes and improvements.

The maintenance release for 5.0.x (5.0.18) ships with 13 selected fixes and improvements. The 4.3.x branch (4.3.28) also ships with 13 selected fixes and improvements, including a CORS configuration change (see gh-25414 and the CORS section of the reference documentation for more details).

As usual, we'll follow up shortly with corresponding Spring Boot releases (2.3.2, 2.2.9 and 2.1.16…

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Initializr 0.9.0 has been released and is now available from repo.spring.io and Maven Central.

This release includes 34 fixes, improvements and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

For full upgrade instructions and new and noteworthy features please see the release notes.

GitHub | Issues | Documentation | Stack Overflow | Gitter

We are happy to announce the release of Spring Cloud Stream applications 2020.0.0-M2. This release is a complete overhaul of the legacy Spring Cloud Stream App Starters. Starting with this release, we are moving away from theme-oriented release train names (famous scientists in alphabetical order) to calendar based versioning. The current GA release is called Einstein, and we are pleased to introduce 2020.0.0-M2. We are also moving away from the app starters. Having reorganized, repackaged, and (in some cases) rewritten the underlying code, we now have a new Git repository: spring-cloud/stream…