Spring Project Vulnerability Reports Published

Engineering | Rossen Stoyanchev | May 09, 2018 | ...

The following CVEs have been published today:

Please, review the information in the CVE reports and upgrade immediately.

Spring Boot Users: Spring Boot 2.0.2 and 1.5.13, released earlier today, contain the fixes for the above vulnerabilities.

Spring Boot 2.0.2

Releases | Andy Wilkinson | May 09, 2018 | ...

On behalf of the team and the community, I am pleased to announce that Spring Boot 2.0.2 is now available from repo.spring.io and Maven Central.

Spring Boot 2.0.2 includes over 80 fixes, improvements, and dependency updates. Thanks to everyone that has contributed with issue reports and pull requests. Please note that a number of the upgraded dependencies contain fixes for various security vulnerabilities. Please see this blog post for further details.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter

Spring Boot 1.5.13

Releases | Andy Wilkinson | May 09, 2018 | ...

On behalf of the team and community, I am pleased to announce that Spring Boot 1.5.13 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 1.5.13 includes over 20 fixes, improvements and dependency updates. Thanks to all that have contributed with issue reports and pull requests. Please note that a number of the upgraded dependencies contain fixes for various security vulnerabilities. Please see this blog post for further details.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter

Spring Security OAuth 2.3.3, 2.2.2, 2.1.2, 2.0.15 Released

Releases | Joe Grandja | May 08, 2018 | ...

I’m pleased to announce the releases of Spring Security OAuth 2.3.3, 2.2.2, 2.1.2 and 2.0.15. These maintenance releases primarily deliver bug fixes.

For a complete list of changes, please refer to:

2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 1.5.13 release.

Project Page | GitHub | Documentation | Help

Spring Session Apple SR2

Releases | Rob Winch | May 08, 2018 | ...

On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR2. This release includes an update to the core modules and adds support for Spring Session for Apache Geode. You can use the BOM

With Maven:

<dependencyManagement>
	<dependencies>
		<dependency>
			<groupId>org.springframework.session</groupId>
			<artifactId>spring-session-bom</artifactId>
			<version>Apple-SR2</version>
			<type>pom</type>
			<scope>import</scope>
		</dependency>
	</dependencies>
</dependencyManagement>
<dependencies>
	<dependency>
		<groupId>org.springframework.session</groupId…

This Week in Spring - May 8th, 2018

Engineering | Josh Long | May 08, 2018 | ...

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I'm in Manchester, UK, for an appearance at the Manchester JUG and then it's off to London, UK, for some customer visits and the epic Devoxx UK event. This time next week I'll be in Denver, USA, for the SpringOne Tour event. If you're in any of these places, as usual, don't hesitate to reach out and say hi (@starbuxman)

Spring Data Ingalls SR12 and Kay SR7 released

Releases | Mark Paluch | May 08, 2018 | ...

On behalf of the Spring Data team, I'd like to announce the availability of the Ingalls SR12 and Kay SR7 service releases. Both releases pick up the just-released Spring Framework versions 4.3.17 and 5.0.6, respectively. The upcoming Spring Boot 1.5.13 will pick up Ingalls SR12, and Spring Boot 2.0.2 picks up Kay SR7 for your convenience.

Both releases ship with over 100 tickets fixed in total and are recommended upgrades to all users of the Ingalls and Kay release trains. You can find all the details within the linked changelogs.

2018-05-09 Update: The releases address a vulnerability. Please see this blog post published after the associated Spring Boot 2.0.2 and 1.5.13

Get the Spring newsletter

Thank you for your interest. Someone will get back to you shortly.

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all