Spring Tips: Kotlin and Spring Security

Engineering | Josh Long | March 04, 2020 | ...

Hi, Spring fans! Welcome to another installment of Spring Tips. In this episode we're going to look at the new Kotlin DSL for Spring Security. I love Kotlin. I introduced Kotlin in several other Spring Tips videos: The Kotlin Programming Language, Bootiful Kotlin Redux, and Spring's Support for Coroutines. Some of those videos are very old! There are already a number of different projects in the Spring diaspora that are shipping Kotlin DSLs. They include, among others, Spring Framework, Spring Webflux, Spring Data, Spring Cloud Contract and Spring Cloud Gateway. And now, Spring Security!

Spring Security is an amazing project - it solves some of the hardest problems in the industry and helps people secure their applications. And, as if that weren't enough, it's displayed a steadfast determination to make security easy. If you ever used Spring Security in its earliest incarnations, you'd know that it required loads of XML - pages! - to get anything done. That improved to the point where in Spring Security 3 you…

This Week in Spring - March 3rd, 2020

Engineering | Josh Long | March 03, 2020 | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week, I'm home, in San Francisco, California, in the US, where the fears around Coronavirus have heated up and made things problematic for those of us who travel. It looks like, at least for the immediate future, I'll be - basically - grounded. Stay safe out there, my friends.

The good news is that this will let me get to a ton more other things like the blogs, A Bootiful Podcast and Spring Tips and of course my Reactive Spring book. And of course, we've got a ton of things to get to today in today's installment of This Week in Spring, so…

Getting Started With RSocket: Spring Boot Server

Engineering | Ben Wilcock | March 02, 2020 | ...

Time: approximately 15 mins.

In the diverse world of microservices, HTTP is the undisputed leader in agent-to-agent communications. It’s mature, well established, and everywhere. But in some cases, HTTP request-response can be cumbersome. What if you need communication patterns beyond traditional request-response, such as fire-and-forget or streaming? And what if you want to send messages in either direction?

With HTTP, there are ways to achieve this, but it’s not what the protocol was built for. Many of the solutions come with additional tradeoffs or shortcomings. Plus, there’s no rulebook that…

Spring Boot 2.2.5 released

Releases | Andy Wilkinson | February 27, 2020 | ...

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 2.2.5 has been released and is now available from repo.spring.io and Maven Central.

This release includes 62 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Reactor Netty 0.9.5. It contains fixes for CVE-2020-5403 and CVE-2020-5404.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Spring Boot 2.1.13 released

Releases | Andy Wilkinson | February 27, 2020 | ...

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 2.1.13 has been released and is now available from repo.spring.io and Maven Central.

This release includes 34 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Reactor Netty 0.8.16. It contains a fix for CVE-2020-5404.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

CVE Reports Published for Reactor Netty

News | Rossen Stoyanchev | February 27, 2020 | ...

The following CVE reports were published today:

  • CVE-2020-5403 affecting Reactor Netty HttpServer 0.9.3 and 0.9.4.
  • CVE-2020-5404 affecting Reactor Netty HttpClient for all 0.8.x and 0.9.x versions in applications where the automatic following of redirects is explicitly enabled.

The fixes are in Reactor Netty 0.9.5 and 0.8.16. If using the reactor-bom, you can upgrade to Dysprosium-SR5 or Californium-SR16.

Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot application, you can upgrade to Spring Boot 2.2.5 or 2.1.13.

Spring Data Moore SR5 and Lovelace SR16 released

Releases | Mark Paluch | February 26, 2020 | ...

On behalf of the community, I'd like to announce the availability of the Spring Data Moore SR5 and Lovelace SR16 service releases.

Moore SR5 ships with 61 tickets fixed, and Lovelace SR16 ships with 43 tickets fixed. Both releases contain mostly bug fixes and dependency upgrades. Moore SR5 is built on top of the just-released Spring Framework 5.2.4 and will be picked up by Spring Boot 2.2.5 for your convenience. Similarly, Lovelace SR16 uses Spring Framework 5.1.14 and will be included by Spring Boot 2.1.13 in the coming days.

Finally, here are links to the reference documentation, changelogs…

Spring Tips: Apache RocketMQ

Engineering | Josh Long | February 25, 2020 | ...

Hi, Spring fans! In this installment of Spring Tips, we're going to look at Alibaba's Apache RocketMQ. We've talked some about Alibaba in Spring Tips before. Check out the earlier Spring Tips installment in which we explore some of Spring Cloud Alibaba.

Running Apache RocketMQ

In order to use Apache RocketMQ, you'll need to follow the steps in the RocketMQ quickstart. This Spring Tips installment introduces Apache RocketMQ, originally a technology developed and used internally at Alibaba and proven in the forge of 11/11, the famous Chinese sales holiday, sort of like "Cyber Monday," or "Black Friday," in the US. Sort of like that, but waaaaaay bigger. In 2019, Alibaba (alone, with no other e-commerce engines involved), made almost $40 billion USD in 2…

This Week in Spring - February 25th, 2020

Engineering | Josh Long | February 25, 2020 | ...

Hi, Spring fans! This week I am in delicious Philadelphia enjoying the amazing food (scrapple! TastyKakes!) and hanging out with amazing customers using VMware and Spring to great effect. It's been a busy week since we last talked: I released a new Spring Tips installment, wrote a bunch of blogs, recorded a new podcast, and published a new podcast installment. We've got a lot to get to today so let's get to it!
