Spring Security 5.5.0-M3 Released

Releases | Eleftheria Stein-Kousathana | March 15, 2021 | ...

On behalf of the community, I’m pleased to announce the release of Spring Security 5.5.0-M3! You can find the complete details in the release notes and the highlights below:

OAuth 2.0

gh-8975 - Add BearerTokenAuthenticationConverter

SAML

gh-9317 - Add setMetadataFilename method to Saml2MetadataFilter

gh-9310 - Throw Saml2AuthenticationException in Saml2AuthenticationTokenConverter on deflation or decoding error

ACL

gh-9425 - Allow ACL to be owned by GrantedAuthoritySid

Kotlin

gh-9319 - Kotlin DSL extension for rememberMe

Web

gh-9387 - Improve HttpSessionSecurityContextRepository performance

Project Site | Reference |

Deploy Spring Boot applications by leveraging enterprise best practices – Azure Spring Cloud Reference Architecture

Engineering | Josh Long | March 11, 2021 | ...

Deploy Spring Boot applications by leveraging enterprise best practices – Azure Spring Cloud Reference Architecture

Today, we’re excited to announce the availability of the Azure Spring Cloud Reference Architecture. You can get started by deploying the Azure Spring Cloud Reference Architecture to accelerate and secure Spring Boot applications in the cloud at scale using validated best practices.

Over the past year, we worked with many enterprise customers to learn about their scenarios including thoughts on scaling properly, security, deployment, and cost requirements. Many of these customers…

Announcing Spring Native Beta!

Engineering | Sébastien Deleuze | March 11, 2021 | ...

Today, after one year and half of work, I am pleased to announce that we’re launching the beta release of Spring Native and its availability on start.spring.io!

In practice, that means that in addition to the regular Java Virtual Machine supported by Spring since its inception, we are adding beta support for compiling Spring applications to native images with GraalVM in order to provide a new way to deploy Spring applications. Java and Kotlin are supported.

Those native Spring applications can be deployed as a standalone executable (no JVM installation required) and offer interesting…

This Week in Spring - March 9th, 2021

Engineering | Josh Long | March 10, 2021 | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring! Tomorrow is the day of Spring One Tour - do not miss this event! We've also got a lot to get into this week so, without further ado...

This Week in Spring - March 2nd, 2021

Engineering | Josh Long | March 02, 2021 | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've finally managed to get my joshlong.com/feed.html page working again so if you're curious about what I'm doing, check this feed out.

We've got a really great roundup this week, so let's get into it.

Spring Integration Zip 1.0.4 & CVE-2021-22114

Releases | Artem Bilan | March 01, 2021 | ...

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce 1.0.4.RELEASE version for Spring Integration Zip extension.

CVE-2021-22114

The UnZipTransformer doesn’t cover all the cases for Zip Slip Vulnerability and some particular zip entry names may still end up outside of working directory.

The updated fix has been released in the spring-integration-zip-1.0.4.RELEASE version together with some other bug fixes and improvements. We also have published a new advisory for CVE-2021-22114.

Credit: Trung Pham, Viettel Cyber Security.

Everybody who’s…

Spring Tips: Spring Cloud Gateway (Redux)

Engineering | Josh Long | February 24, 2021 | ...

Hi, Spring fans! In this installment of Spring Tips, I revisit Spring Cloud Gateway.

Here's what's inside:

Intro

11:12​ Have your cake and Eat it too with an API Gateway

Basics

00:11:37​ Get to Know Your New Gateway 00:21:18​ The Observable Gateway
00:22:39​ Meet The Supporting Characters
00:24:30​ Reactive Data For The Demo
00:28:10​ A Reactive WebSocket Endpoint 00:31:00​ Reactive HTTP Endpoint

Behind the Source with Spring Cloud co-founder, lead, and Spring Cloud Gateway creator Spencer Gibb

00:33:00​ Spencer Gibb

Service Discovery

37:59​ Introducing Spring Cloud Netflix Eureka 40:4…

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all