UPDATE 2020-05-13: The following versions of Spring Security address CVE-2020-5407 and CVE-2020-5408
On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.2 (release notes), 5.2.4 (release notes), 5.1.10 (release notes) , 5.0.16 (release notes), 4.2.16 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.
In January 2018, we announced that the Spring Security OAuth (legacy) project is officially in maintenance mode. Later in November of 2019, we provided an update in the Spring Security OAuth 2.0 Roadmap, stating that the 2.3.x line will reach end-of-life in March 2020.
The currently supported version branches are 2.4.x and 2.5.x, with the 2.5.0 release scheduled for May 2020, which will be the final minor release.
To that end, the plan is to provide patch and security fixes for the 2.4.x and 2.5.x line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project…
Hi, Spring fans! Welcome to the recap installment for the seventh season of Spring Tips! I can't believe we're already on season seven! In October of 2020, it'll be 4 straight years of doing these videos. Hopefully, they're helping.
Every season consists of 11 episodes and one recap blog post. Sometimes, I'll do an occasional extra episode or I'll do an episode during the interregnum between seasons as the situations sometimes demand. But, for now, I'm done for a little while - not as long as last time, for sure! But a little while. I need time to gather my resources, prepare new content, finish the Reactive Spring book, and…
Hi, Spring fans! Welcome to another installment fo This Week in Spring! How're you all holding up? Me? I'm doing well, thanks. We've got a ton of stuff to get to so let's!
Here's the latest graph of memory versus billing for Spring Cloud Function on AWS Lambda. It shows the billing metric GBsec as a function of memory allocation in Lambda for two custom runtimes, one in plain Java and one using a GraalVM native image, as described recently in this blog by Andy Clement:
In both cases the functionality is identical (a simple POJO-POJO function), and they both show only the results for cold start. Warm starts, where the function was already active when the request came in, were much faster and cheaper (except for the smallest memory setting they all cost the same…
On behalf of the team and everyone that contributed, I am pleased to announce that the first release candidate of Spring Boot 2.3 is available now from our milestone repository.
This release closes over 70 issues and pull requests. Thanks to all those who have contributed.
Highlights of this milestone include:
developmentOnly configuration in Gradle.For a complete list of changes and upgrade instructions, please see the Spring Boot 2.3 Release Notes on the wiki and the updated reference documentation…
Hi, Spring fans! In this installment Josh Long (@starbuxman) talks to the founder of - among other things - Feign, JCloud, and Spring Cloud Sleuth - Adrian Cole (@adrianfcole) about distributed tracing, Zipkin, and more.
The 2.5.0.RC1 release candidate is now avaialable in the Spring milestone repo.
Update: 2.5.0.RELEASE was released on May 13th.
Highlights:
kafka-clients 2.5.0 (alignment of version numbers is coincidental).
Support for re-committing retryable offset commit exceptions for retained partitions when using cooperative rebalancing.
Support for the new "fetch-offset-request" procuder fencing (when brokers are 2.5 or higher), requiring fewer producers.
Support for static group membership.
More integration with Micrometer.
Optional Delivery Attempts header.
RecoveringBatchErrorHandler can commit a partial batch and replay from failed record in a batch (with cooperation of the listener); this is now the default for a batch listener.
I’m pleased to announce the first (and the last) release candidate for Spring Integration 5.3.
This release ships several bug fixes, a bunch of new features and improvements and will be picked up by Spring Boot 2.3 RC1.
It can be downloaded from our milestone repository:
compile 'org.springframework.integration:spring-integration-core:5.3.0.RC1'
The MongoDbChangeStreamMessageProducer - a reactive MessageProducerSupport implementation for the Spring Data ReactiveMongoOperations.changeStream(String, ChangeStreamOptions, Class) API. This component produces a Flux of messages with a body of ChangeStreamEvent as the payload by default and some change stream related headers (see MongoHeaders).
The ReactiveMessageSourceProducer - a reactive implementation of the MessageProducerSupport to wrap a provided MessageSource into a Flux for on demand receive() calls.
The ReceiveMessageAdvice - a former AbstractMessageSourceAdvice is graduated now to more common advice approach which can be used also for the PollableChannel.receive() proxying.
The Spring team has decided to change the versioning scheme for both release trains and project modules. These changes will be coming in the next release train and minor releases for each project. In fact, the changes are already present in Spring Cloud 2020.0.0-M1. Maven and Gradle do not provide the exact same version ordering, but we are working with the Gradle team to ensure the Spring scheme ends up sorted in the same way with both tools.
Spring has been using alphabetically ordered, themed release train versions since 2013. Release trains contain a group of…
VMware offers training and certification to turbo-charge your progress.
Learn moreTanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreCheck out all the upcoming events in the Spring community.
View all