We have released Spring Security 5.0.1, 4.2.4, and 4.1.5 to address CVE-2018-1199: Security bypass with static resources Users are encouraged to update immediately.

One of the changes introduced for this CVE was setting StrictHttpFirewall as the default HttpFirewall. User’s can refer to the Javadoc and reference for additional information on how to configure it.

Project Site | Reference | Help

We are pleased to announce the availability of the following maintenance releases; users are encouraged to upgrade at the earliest opportunity.

• Spring Integration - 5.0.1, 4.3.14 and 4.2.13

• Spring Integration for Apache Kafka 3.0.1

• Spring for Apache Kafka - 2.1.2, 2.0.3 and 1.3.3

• Spring AMQP - 2.0.2 and 1.7.6

Spring Integration 4.3.13, Spring AMQP 1.7.6 will be used in the upcoming Spring Boot 1.5.10 release. Spring Integration 5.0.1, Spring AMQP 2.0.2 and Spring for Apache Kafka 2.1.2 will be used in the upcoming release candidate for Spring Boot 2.0.

See the respective project pages at spring.io/projects…

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session 2.0.1.RELEASE. This maintenance release is focused primarily on addressing a classloading related regression when using a Redis backed session store in combination with Spring Boot’s DevTools.

You can find the complete details of the release in the changelog.

Feedback Please

If you have feedback on this release, I encourage you to reach out via StackOverflow, GitHub Issues, or via the comments section. You can also ping Rob @rob_winch, Joe @joe_grandja, or me @vedran_pavic on…

We are pleased to announce the 1.3.0.RC1 release of the Spring Cloud Data Flow and its associated ecosystem of projects.

Follow the Getting Started guides for Local Server, Cloud Foundry, and Kubernetes.

Release Highlights

Feature toggle for Skipper

To simplify the overall experience of opting into using Skipper to deploy streams, a feature toggle provides you the ability to switch between skipper mode and the previous 'classic' mode. The feature toggle is used in both the Shell and the Server. The default value is to use the 'classic' non-skipper mode. To enable skipper mode, pass in the…

On behalf of the Spring Data team, I’d like to announce the Ingalls SR10 and Kay SR3 service releases. The Ingalls service release ships on top of the just-released Spring Framework 4.3.14 and in preparation of the upcoming Spring Boot 1.5.10 release. The Kay service release picks up Spring Framework 5.0.3 in and will be picked up by Spring Boot 2.0 RC1 for your convenience.

Both releases ship with 105 tickets fixed in total and are recommended upgrades to all users of the Ingalls and Kay release trains. You can find all details within the linked changelogs.

Spring Data Ingalls SR10

• Spring Data Commons 1.13.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data JPA 1.11.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data MongoDB 1.10.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Cassandra 1.5.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data KeyValue 1.2.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Gemfire 1.9.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data Neo4j 4.2.10 - Artifacts - JavaDocs - Documentation - Changelog
• Spring Data for Apache Solr 2.1.10 - Artifacts - JavaDocs - Documentation - …

Dear Spring community,

I’m pleased to announce that Spring Framework 5.0.3 and 4.3.14 are available now, as another pair of refinement releases which are recommended as immediate upgrades for all users. Our 5.0.3 release is the foundation for the upcoming Spring Boot 2.0 RC1 release next week, and 4.3.14 will be picked up by Boot 1.5.10 around the same time.

Spring Framework 5.0.3 comes with fresh support for Kotlin 1.2.20, Reactor Core 3.1.3 and JUnit 5.0.3 and has been successfully tested on the latest JDK 10 early-access builds already. It also includes fixes for a few recent regressions and selected refinements in the WebFlux APIs, just in time for moving 5.0.x into maintenance mode and preparing for the 5.1 line…

Hi Spring fans! Welcome to another installment of This Week In Spring. This week I'm in Los Angeles (warm!) talking to customers and then it's off to Chicago (not warm!). There's so much good stuff to cover this week so let's get to it!

• In PCF 2.0, the application runtime is now joined by an enterprise-grade Kubernetes service, called Pivotal Container Service, and a new Functions-as-a-Service offering, Pivotal Function Service. Pivotal's Jared Ruckle joins Jeff and Dormain for a look at PCF 2.0 in this new podcast
• Spring Cloud Sleuth now integrates with Brave and it's an exciting time for distributed tracing.
• Spring Cloud Vault lead Mark Paluch has integrated Spring Security with Spring Cloud Vault
• It's been a busy wek for the Spring Cloud Sleuth team! This commit makes Spring Cloud Sleuth OpenTracing-compatible
• Support for integrating Micrometer (think SLF4J, but for metrics) with Jersey 2 (a JAX-RS implementation) has just landed…

On behalf of the team, I am pleased to announce the release of Spring Cloud Skipper 1.0 RC1.

Skipper is a lightweight tool that allows you to discover Spring Boot applications and manage their lifecycle on multiple Cloud Platforms. You can use Skipper standalone or integrate it with Continuous Integration pipelines to help implement the practice of Continuous Deployment.

The 1.0 RC1 release fixes several bugs and introduces a some new features.

• OAuth Security support.
• Release install, upgrade, and rollback workflow managed using the Spring StateMachine project.
• REST API improvements.
• Database Schemas managed using Flyway.
• Package deletion, checking for active Releases.
• Release deletion with optional package deletion.
• Shell commands follow a consistent format, e.g. platform list, release status.
• Add support for ResourceMetadata URIs in package template.
• Support for interactive and non-interactive shell modes.
• Improved conversion from java.util.Properties, to YAML in shell.
…

Aloha! This week I'm in sunny Honolulu for the first annual LavaOne conference. If you're not here, you should be! The show is amazing, enjoys 50% female to male audience attendance, the speakers are world-class (well, except yours truly, but don't tell them that..) and the location is pretty hard to beat!

That said, nothing gives me more pleasure than saddling up to a table with a laptop, some green tea, sunglasses and sunscreen lotion and checking in on the community. This week's been a heckuva week indeed! Lot's of great stuff so let's get to it!

• Ryan Baxter just announced Spring Cloud Edgware SR1 which contains updates for several modules
• Project Reactor team ninja Simon Baslé offers a look at Reactor 3.2.M1
• Vedran Pavić just announced Spring Session 2.0.0. Check it out - there are a ton of improvements.
• Spring ninja Greg Turnquist has put together a nice post introducing the support in Spring HATEOAS for the Affordances API
• There's now support for query-by-example in Spring Data Redis
• A friendly reminder that, going forward, the preferred way to integrate with the OpenZipkin project is to publish messages over RabbitMQ or Apache Kafka using the spring-cloud-starter-zipkin client…