We are pleased to announce the 2.0.0.M4 release of the Spring Cloud Stream Elmhurst release train.

Spring Cloud Stream Elmhurst 2.0.0.M4 is available for use in the Spring Milestone repository. The release notes include relevant information about version compatibility with Spring Boot, Spring Cloud, Spring AMQP, and Spring for Apache Kafka.

The following sections list the summary of features and improvements included in this release:

• Continuing performance improvements around Content-type resolution
• Introduction of Polling Source as an alternative to the event-driven message consumption
• StreamListener Infrastructure enhancements to primarily deal with multiple destination (details to follow)
• Continuing Documentation improvements
• Various other enhancements and bug fixes
…

On behalf of the team, I am pleased to announce the general availability of Spring Cloud Data Flow 1.3 across a range of platforms

Follow the Getting Started guides for Local Server, Cloud Foundry, and Kubernetes

Release Highlights

Stream updates and rollback

A streaming data pipeline orchestrated as a series of microservice applications has always been the core value of Spring Cloud Data Flow’s design. In Data Flow 1.3 we have provided the ability to update sources, processors, and sinks independently without having to undeploy and redeploy the entire stream.

The stream update and rollback functionality is implemented by delegating the deployment process to a new Spring Cloud project called Skipper. Skipper is a lightweight Spring Boot application, purpose-built to fill this feature gap in Data Flow. Skipper defines a package format, much like helm or brew and can also deploy/undeploy applications to multiple cloud platforms: Local, Cloud Foundry, and Kubernetes. It uses the same Spring Cloud Deployer libraries that have been part of Data Flow since the beginning. Recent presentations at SpringOne 2017 introduces Skipper and the …

I am pleased to announce that Spring IO Platform Brussels-SR7 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Spring AMQP 1.7.6
• Spring Boot 1.5.10
• Spring Data Ingalls-SR10
• Spring Framework 4.3.14
• Spring Integration 4.3.14
• Spring Retry 1.2.2
• Spring Security 4.2.4
• Spring Web Flow 2.4.7

The versions of a number of third-party dependencies have also been updated.

Project Page | GitHub | Issues | Documentation

On behalf of the team, it is my great pleasure to announce that Spring Boot 2.0.0.RC1 has been released and is now available from our milestone repository.

This release closes a massive 313 issues and pull requests, and is our first release candidate. At this point we're not anticipating that any major API changes or new features will be added before our final 2.0 GA release.

We've refined a number of items from previous milestone, and provide a number of notable new features including:

• A module to help with legacy property migration
• HTTP/2 support for Jetty (to go along with the Tomcat and Undertow that was added in M7)
• Greatly enhanced GSON support (thanks to an external contribution)
• Improved actuator JSON structures
• Helpful security matchers for both Servlet and Reactive deployements
…

Spring Boot 1.5.10 has been released and is is now available from repo.spring.io and Maven Central.

This release includes an important fix for security vulnerability CVE-2018-1196, which can affect anyone using Spring Boot's systemd and init.d service support. It also provides the latest version of Spring Security which fixed CVE-2018-1199.

In addition the security fix, Spring Boot 1.5.10 includes over 55 fixes, improvements and dependency updates. Thanks to all that have contributed with issue reports and pull requests.

Project Page | GitHub | Issues | Documentation | Stack Overflow | Gitter

Hi Spring fans! Welcome to another installment of This Week in Spring! This week I was in Los Angeles and Chicago and now I'm in San Francisco, taking meetings with Pivotal ecosystem folks and customers. We've got an incredibly busy week's worth of stuff ahead of us, so let's get to it!

• Reactor project lead Stephane Maldini has announced that Reactor Bismuth-SR5 is out with fixes, Reactive Streams 1.0.2, Netty 4.1.20 and a few new cool features there
• Check out this post by Spring Security ninja Joe Grandja on what the future of OAuth 2 support in Spring is
• Spring Security lead Rob Winch has just announced an immediate update for a CVE for Spring Security 5.0.1, 4.2.4, and 4.1.5
• Reactive Spring web ninja Sebastien Deleuze has just announced the integration and support for Reactive Smile (binary JSON) support in Spring Framework 5.0.4
• Vedran Pavić has …

Improvements, new features, and fixes have landed in a Maven Central mirror near you under Bismuth-SR5 Bill Of Material. This version is now used by Spring Framework 5.0.3 and the upcoming Spring Boot 2.0.RC1! Our site projectreactor.io has been updated with the latest versions.

Reactor-Core 3.1.3

release notes

A quality update including more than a dozen fixes and just a couple new features: new Flux#delaySequence and Signal#getContext access to the current flow Context.

reactor-test also welcomed new features including Context verification facilities and a StepVerifier#toString…

Note

See the latest announcements on Announcing the Spring Authorization Server and Spring Security OAuth 2.0 Roadmap Update

Current State

The current state of OAuth 2.0 Support, within the Spring projects portfolio, is spread out between Spring Security OAuth, Spring Cloud Security, Spring Boot 1.5.x, and the new support introduced in Spring Security 5. As a user of OAuth, you may be asking, "Which project(s) do I use? And why has Spring Security 5 introduced new support into the mix?"

To put it simply, there was a need to unify the OAuth 2.0 support into one project in order to provide a…

We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources Users are encouraged to update immediately.

One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. User’s can refer to the Javadoc and reference for additional information on how to configure it.

Project Site | Reference | Help