On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.3.1.

You can download it from Maven Central by using the module coordinates:

implementation 'org.springframework.security:spring-security-oauth2-authorization-server:0.3.1'

See the release notes for complete details.

This release includes downgrading to JDK 1.8 baseline along with some minor enhancements and bug fixes.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to…

On behalf of the team, I’m pleased to announce Spring Data service releases 2021.2.1 and 2021.1.5. Both releases ship with a fix for mostly bug fixes and dependency upgrades. For your convenience, Spring Boot 2.7.1 respective 2.6.9 are going to pick up these releases in the upcoming days.

In addition, these releases include fixes for one vulnerability:

• CVE-2022-22980 "Spring Data MongoDB SpEL Expression Injection Vulnerability"

SpEL injection attack in MongoDB applications through repository query methods annotated with @Query or @Aggregation using parametrized SpEL statements with non-sanitized input. Severity: …

Updates

• [06-20] CVE-2022-22980 is published
• [06-20] Spring Data MongoDB 3.4.1 and 3.3.5 are available

Table of Contents

• Overview
• Vulnerability
• Am I Impacted
• Status
• Suggested Workarounds

Overview

We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the following CVE report:

• CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods

This vulnerability was responsibly reported by Zewei Zhang from NSFOCUS TIANJI Lab on Monday, June 13 2022. The full report will be published to MITRE and as security advisory under tanzu.vmware.com/security…

Dear Spring Community,

I am happy to announce the 4.15.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

fixes and improvements

• (Spring Boot) fixed: VScode incorrectly suggests removing @Autowired annotation from methods (#787)
• (Spring Boot) fixed: VScode quick fix should not suggest removing @Autowired annotation from JUnit tests (#786)
• (Eclipse) fixed: Not able to extract the new version of spring-tool-suite-4-4.15.0.RELEASE-e4.24.0-win32.win32.x86_64.self-extracting.jar on windows 11 (#788)
• (Eclipse) fixed: Cannot open Spring Boot Language Server Java Editor settings menu (#789)
…

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Spring Framework contributor Sébastien Deleuze (@sdeleuze) on GraalVM, AOT, project Leyden, and WebAssembly.

On behalf of the community, I am pleased to announce that the Milestone 3 (M3) of the Spring Cloud 2022.0.0 Release Train is available today. The release can be found in Spring Milestone repository. You can check out the 2022.0.0 release notes for more information.

Notable Changes in the 2022.0.0 Release Train

See the project page for all the issues and pull requests included in this release.

Spring Cloud 2022.0.0-M3 is compatible with Spring Boot 3.0.0-M3.

Spring Cloud Stream

• Enhanced support for Kafka "tombstone" records via recently added support for BiFunction/BiConsumer
• Added support for function-based error-handling, thus no longer requiring annotations
…

We have released Spring Cloud Function 3.2.6 to address the following CVE report.

• CVE-2202-22979: Spring Cloud Function Dos Vulnerability

Please review the information in the CVE report and upgrade immediately.

Dear Spring Community,

I am happy to announce the 4.15.0 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

major changes to the Spring Tools 4 for Eclipse distribution

• updated to Eclipse 2022-06 release (new and noteworthy)

fixes and improvements

• (Spring Boot) fixed: vscode-sts: an edge case of workspace symbol for @PutMapping (#781)
• (VSCode) fixed: Failed to refresh live data from process 12704 - com.xxxx.xx.xxx.BillingServiceApp after retries: 10 (#748)
• (Eclipse) fixed: The Spring Boot Language Server is not immediately shutdown after closing the last open editor to avoid the need to restart the server when you open the next file (related to #568)
• (Eclipse) fixed: When opening symbols, open the compilation unit from the relevant project (#769)
• (Eclipse) fixed: The issue with…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.3.21 is available now.

Spring Framework 5.3.21 includes 22 fixes and improvements.

Project Page | GitHub | Issues | Documentation