close

Spring Cloud Data Flow 2.6.0 Released

Spring Cloud Data Flow team is pleased to announce the release of 2.6.0.

This 2.6.0 adds usual bug fixes and the following key highlights:

  • Wavefront
    New integration to monitor streams and tasks using Wavefront. More
    about this feature can be found from Stream Monitoring and Task Monitoring

  • Platform Support for Scheduling
    Tasks scheduling now have a platform support. See Scheduling Tasks

  • Java CFEnv
    We’re now on a new version of Java CFEnv which greatly improves user experience when there is a need to bind to user created services.

  • Bitnami
    We’ve moved from a Helm Hub to Bitnami as a helm chart storage.

  • Composed Task Runner as SCDF native module
    Composed Task Runner is now an integral part of SCDF itself and gets registered implicitly while the users who have the custom composed task runner can still override the native one. This enables us to integrate the composed tasks management within the context of Spring Cloud Data Flow.

  • Stream Applications
    This is also a good reminder what’s happening on our application space by following blog series Creating a Supplier Function and generating Spring Cloud Stream Source

Read more

Spring HATEOAS 1.1.1.RELEASE is out!

Dear Spring community,

Spring HATEOAS 1.1.1.RELEASE is out, the first patched release of the latest stable line, supporting Spring Boot 2.3.

Among many things, you’ll find:

  • We are now listing community-led efforts to implement other media types. JSON:API and Siren are the latest. You want to add another media type? Just check out the details.

  • VndErrors is a media type for reporting, well, errors. And it has had a sneaky bug that crept in that we’ve now patched. "logref" values are no longer confined to integers. It’s important to also note that the VndErrors spec is showing no signs of life, hence we’ve deprecated its support. If you’re starting a new hypermedia-driven project, our recommendation is to use RFC-7807’s application/problem+json format instead. The API is more elegant and more importantly, under active development. And we’ve made some fixes based on community feedback.

  • We are continuing to fix memory usage issues as more people crank out hypermedia links in more intense environments.

  • Spring HATEOS has de-lomboked the source code. This effort has been applied to the latest 1.2 and this version of 1.1 as well. (Versions predating 1.1 aren’t getting backports except in very special situations.)

Read more

Spring Tools 4.7.1 released

Dear Spring Community,

I am happy to announce the 4.7.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

Highlights from this release include:

  • (Spring Boot) enhancement: Syntax check for Annotations with Spring Expression Language (#475)
  • (Spring Boot) fixed: hard to reproduce BadLocationException inside of language server fixed now, occurred e.g. in (#451)
  • (Eclipse) new: early access update sites and distribution builds for Eclipse 2020-09 available now (and requires JDK11 to run)
  • (Eclipse) improvement: old Spring Boot launch configs are now “fixed” automatically to exclude test classes again
  • (Eclipse) improvement: new Spring Symbols view now works a lot better when selecting the file scope (also takes selections from package explorer into account)
  • (Eclipse) fixed: STS4 Does Not Start After Installing Papyrus Plugin (#499)
  • (Eclipse) fixed: language server now being shutdown correctly when used by new Spring Symbols view
  • (Eclipse) fixed: it is possible now to install the Spring Tools 4 into an existing Eclipse via the Spring Tools 4 p2 repo only - the main Eclipse update site doesn’t have to be enabled anymore (#497)
Read more

Spring Boot for Apache Geode & VMware GemFire 1.1.9.RELEASE, 1.2.9.RELEASE, 1.3.1.RELEASE and 1.4.0-M1 now available!

On behalf of the Spring, Apache Geode and VMware GemFire communities, it is my pleasure to announce new releases of Spring Boot for Apache Geode & VMware GemFire (SBDG).

SBDG 1.1.9.RELEASE is now available and builds on Spring Boot 2.1.16.RELEASE, Spring Data Lovelace-SR19 and Spring Session Bean-SR11.

SBDG 1.2.9.RELEASE is now available and builds on Spring Boot 2.2.9.RELEASE, Spring Data Moore-SR9 and Spring Session Corn-SR3.

SBDG 1.3.1.RELEASE is now available and builds on Spring Boot 2.3.1.RELEASE, Spring Data Neumann-SR2 and Spring Session Dragonfruit-RELEASE. In addition, this release pulls in the new Spring Test for Apache Geode & VMware GemFire (STDG) 0.0.17.RELEASE with some nice additions there, discussed under What’s New.

Read more

Spring Cloud 2020.0.0-M3 (aka Ilford) is Available

RELEASE

On behalf of the community, I am pleased to announce that the Milestone 3 (M3) of the Spring Cloud 2020.0 Release Train (code name Ilford) is available today. The release can be found in Spring Milestone repository. You can check out the 2020.0 release notes for more information.

Notable Changes in the 2020.0 Release Train

This release requires Spring Boot 2.4.0-M1.

See all of the included issues and pull requests at the Github project.

Spring Cloud Sleuth

  • Improvement with Reactor integration issue
  • Integration with Spring Cloud Function
  • Integration with MongoDB issue
Read more

Spring Boot 2.3.2 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.3.2 has been released and is now available from repo.spring.io and Maven Central.

This release includes 88 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

Spring Boot 2.2.9 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.2.9 has been released and is now available from repo.spring.io and Maven Central.

This release includes 40 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

Spring Boot 2.1.16 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.1.16 has been released and is now available from repo.spring.io and Maven Central.

This release includes 21 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more

Spring Integration 4.3.23, 5.1.12, 5.2.8 & 5.3.2 available; CVE-2020-5413

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce a number of maintenance releases for Spring Integration. Mostly these versions contain bug fixes and dependency upgrades.

CVE-2020-5413

The Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when the incoming data contains malicious code for execution during deserialization.

In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration calls kryo.setRegistrationRequired(true); (trust no one) by default and pre-configures out-of-the-box Message<?> implementations as trusted classes. All other types have to be registered with Kryo using any available KryoRegistrar strategy injected into a PojoCodec.

Credit: ChengGao, ZeZhiLin, Alibaba Cloud Intelligence Security Team https://www.aliyun.com/.

All the mentioned Spring Integration versions include the fix for this CVE; everybody who’s using Kryo support in Spring Integration is encouraged to upgrade respectively.

Cheers, 
Artem

Read more

Spring Data Neumann SR2, Moore SR9, and Lovelace SR19 available now

On behalf of the team, I’m pleased to announce a Spring Data release triple feature: Neumann SR2, Moore SR9, and Lovelace SR19. These service releases are built on top of Spring Framework releases 5.2.8 (Neumann and Moore) and 5.1.17 (Lovelace) and ship with mostly dependency upgrades and fixes, along with a few selected improvements.

Spring Data Neumann SR2 contains 70 improvements and fixes. Spring Data Moore SR9 ships with 35 fixes and improvements. Last, Spring Data Lovelace SR19 includes 23 selected fixes.

Read more