close

Spring Security 5.4.0-M1 Released

On behalf of the community, I’m pleased to announce the release of Spring Security 5.4.0-M1! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8185 - Resource Server configurers pick up a JwtAuthenticationConverter bean
gh-8324 - Configure AuthoritiesMapper in Reactive OAuth2Login
gh-8324 - Validate ID Token Issuer
gh-8337 - Allow custom header during bearer token extraction
gh-8332 - Provide possibility to use custom cache to store JWK Set

Web

gh-2693 - Transfer session’s max inactive interval in SessionFixationProtectionStrategy
gh-4183 - SwitchUserFilter vulnerable to CSRF
Read more

Spring Boot 2.2.7 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.2.7 has been released and is now available from repo.spring.io and Maven Central.

This release includes 80 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Spring Security 5.2.4.RELEASE. It contains fixes for CVE-2020-5407 and CVE-2020-5408, see also the official announcement.

Read more

Spring Boot 2.1.14 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.1.14 has been released and is now available from repo.spring.io and Maven Central.

This release includes 61 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Spring Security 5.1.10.RELEASE. It contains fixes for CVE-2020-5407 and CVE-2020-5408, see also the official announcement.

Read more

Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16, 4.2.16 Released

UPDATE 2020-05-13: The following versions of Spring Security address CVE-2020-5407 and CVE-2020-5408

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.2 (release notes), 5.2.4 (release notes), 5.1.10 (release notes) , 5.0.16 (release notes), 4.2.16 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Read more

Spring Boot 2.3.0.RC1 available now

On behalf of the team and everyone that contributed, I am pleased to announce that the first release candidate of Spring Boot 2.3 is available now from our milestone repository.

This release closes over 70 issues and pull requests. Thanks to all those who have contributed.

Highlights of this milestone include:

  • Auto-configuration of a Wavefront sender bean.
  • Easier configuration of the data/time converts used by web applications.
  • Automatic creation of the developmentOnly configuration in Gradle.
  • Java buildpack support from the newly created Paketo project.
Read more

Spring for Apache Kafka 2.5.0 Release Candidate

The 2.5.0.RC1 release candidate is now avaialable in the Spring milestone repo.

Update: 2.5.0.RELEASE was released on May 13th.

Highlights:

  • kafka-clients 2.5.0 (alignment of version numbers is coincidental).

  • Support for re-committing retryable offset commit exceptions for retained partitions when using cooperative rebalancing.

  • Support for the new "fetch-offset-request" procuder fencing (when brokers are 2.5 or higher), requiring fewer producers.

  • Support for static group membership.

  • More integration with Micrometer.

  • Optional Delivery Attempts header.

  • RecoveringBatchErrorHandler can commit a partial batch and replay from failed record in a batch (with cooperation of the listener); this is now the default for a batch listener.

  • Default error handler for record listener is now the SeekToCurrentErrorHandler.

  • Overridable producer properties in the KafkaTemplate allowing multiple templates to use the same producer factory.

  • Simple String serializer and deserializer are now provided.

  • More flexibility to determin the type to create in the JsonDeserializer.

Read more

Spring Integration 5.3 RC1, 5.2.6 & 5.1.10 Available

I’m pleased to announce the first (and the last) release candidate for Spring Integration 5.3.

This release ships several bug fixes, a bunch of new features and improvements and will be picked up by Spring Boot 2.3 RC1.

It can be downloaded from our milestone repository:

compile 'org.springframework.integration:spring-integration-core:5.3.0.RC1'

The most important new features are:

  • The MongoDbChangeStreamMessageProducer - a reactive MessageProducerSupport implementation for the Spring Data ReactiveMongoOperations.changeStream(String, ChangeStreamOptions, Class) API. This component produces a Flux of messages with a body of ChangeStreamEvent as the payload by default and some change stream related headers (see MongoHeaders).

  • The ReactiveMessageSourceProducer - a reactive implementation of the MessageProducerSupport to wrap a provided MessageSource into a Flux for on demand receive() calls.

  • The ReceiveMessageAdvice - a former AbstractMessageSourceAdvice is graduated now to more common advice approach which can be used also for the PollableChannel.receive() proxying.

  • The TcpOutboundGateway now can work in an async mode - you’ll get an actual reply from the returned Future.

  • We also have applied a GitHub default community health. Check this out when you try to raise a new issue https://github.com/spring-projects/spring-integration/issues/new/choose!

See What’s New? in the Reference Manual for more information. Also see a blog post for the previous Milestone 3.

We’re looking forward to your feedback for upcoming GA in May!

In addition to this 5.3 RC1 we also have released maintenance versions - 5.2.6 & 5.1.10 with some bug fixes and upgrades. Based on Spring Integration 5.3 RC1 and Spring for Apache Kafka 2.5 RC1 a spring-integration-kafka-3.3.0.RC1 was also released to pick up improvements and new feature from its "parents".

Read more

Spring Data Neumann RC2, Moore SR7, and Lovelace SR17

On behalf of the team, I’m pleased to announce Spring Data releases Neumann RC2, Moore SR7, and Lovelace SR17. This triple-feature is built on top of today’s Spring Framework releases 5.2.6 (Neumann and Moore) and 5.1.15 (Lovelace).

Spring Data Neumann RC2 contains 96 new features, improvements, and fixes. Spring Data Moore SR7 ships with 40 fixes and improvements. Finally, Spring Data Lovelace SR17 includes 39 selected fixes.

Spring Data Neumann RC2 ships with numerous improvements and new features. The most interesting amongst these are:

Read more

Spring Framework 5.2.6, 5.1.15, 5.0.17, and 4.3.27 available now

On behalf of the team and everyone who has contributed, I am pleased to announce a full round of Spring Framework releases.

Spring Framework 5.2.6 includes 46 fixes and improvements. Spring Framework 5.1.15 includes 16 selected fixes and improvements.

Maintenance releases for 5.0.x (5.0.17) and 4.3.x (4.3.27) with 12 selected fixes and improvements and 5 selected fixes and improvements respectively are also available today.

As usual, we’ll follow up shortly with corresponding Spring Boot releases (2.2.7 and 2.1.14) as well as a release candidate for Spring Boot 2.3!

Read more