Spring Authorization Server 0.3.1 available now
On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 0.3.1.
You can download it from Maven Central by using the module coordinates:
See the release notes for complete details.
This release includes downgrading to JDK 1.8 baseline along with some minor enhancements and bug fixes.
To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to…
Spring Data 2021.2.1 and 2021.1.5 released
On behalf of the team, I’m pleased to announce Spring Data service releases
Both releases ship with a fix for mostly bug fixes and dependency upgrades.
For your convenience, Spring Boot
2.6.9 are going to pick up these releases in the upcoming days.
In addition, these releases include fixes for one vulnerability:
- CVE-2022-22980 "Spring Data MongoDB SpEL Expression Injection Vulnerability"
SpEL injection attack in MongoDB applications through repository query methods annotated with
@Aggregation using parametrized SpEL statements with non-sanitized input.
Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)
- [06-20] CVE-2022-22980 is published
- [06-20] Spring Data MongoDB 3.4.1 and 3.3.5 are available
Table of Contents
We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the following CVE report:
- CVE-2022-22980: Spring Data MongoDB SpEL Expression injection vulnerability through annotated repository query methods
This vulnerability was responsibly reported by Zewei Zhang from NSFOCUS TIANJI Lab on Monday, June 13 2022. The full report will be published to MITRE and as security advisory under tanzu.vmware.com/security…
Spring Tools 4.15.1 released
Dear Spring Community,
I am happy to announce the 4.15.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.
fixes and improvements
- (Spring Boot) fixed: VScode incorrectly suggests removing @Autowired annotation from methods (#787)
- (Spring Boot) fixed: VScode quick fix should not suggest removing @Autowired annotation from JUnit tests (#786)
- (Eclipse) fixed: Not able to extract the new version of spring-tool-suite-4-4.15.0.RELEASE-e4.24.0-win32.win32.x86_64.self-extracting.jar on windows 11 (#788)
- (Eclipse) fixed: Cannot open Spring Boot Language Server Java Editor settings menu (#789) …
Bootiful Podcast: Spring Framework contributor Sébastien Deleuze on GraalVM, AOT, project Leyden, and WebAssembly
Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Spring Framework contributor Sébastien Deleuze (@sdeleuze) on GraalVM, AOT, project Leyden, and WebAssembly.
Spring Cloud 2022.0.0-M3 (codename Kilburn) Has Been Released
On behalf of the community, I am pleased to announce that the Milestone 3 (M3) of the Spring Cloud 2022.0.0 Release Train is available today. The release can be found in Spring Milestone repository. You can check out the 2022.0.0 release notes for more information.
Notable Changes in the 2022.0.0 Release Train
See the project page for all the issues and pull requests included in this release.
Spring Cloud 2022.0.0-M3 is compatible with Spring Boot 3.0.0-M3.
Spring Cloud Stream
- Enhanced support for Kafka "tombstone" records via recently added support for BiFunction/BiConsumer
- Added support for function-based error-handling, thus no longer requiring annotations …
CVE report published for Spring Cloud Function (06-2022)
We have released Spring Cloud Function 3.2.6 to address the following CVE report.
Please review the information in the CVE report and upgrade immediately.
Spring Tools 4.15.0 released
Dear Spring Community,
I am happy to announce the 4.15.0 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.
major changes to the Spring Tools 4 for Eclipse distribution
- updated to Eclipse 2022-06 release (new and noteworthy)
fixes and improvements
- (Spring Boot) fixed: vscode-sts: an edge case of workspace symbol for @PutMapping (#781)
- (VSCode) fixed: Failed to refresh live data from process 12704 - com.xxxx.xx.xxx.BillingServiceApp after retries: 10 (#748)
- (Eclipse) fixed: The Spring Boot Language Server is not immediately shutdown after closing the last open editor to avoid the need to restart the server when you open the next file (related to #568)
- (Eclipse) fixed: When opening symbols, open the compilation unit from the relevant project (#769)
- (Eclipse) fixed: The issue with…
Spring Framework 5.3.21 available now
On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework
5.3.21 is available now.
5.3.21 includes 22 fixes and improvements.