Spring Framework 4.3.1 and Spring Security 4.1.1 provide fixes for CVE-2016-5007 "Spring Security / MVC Path Matching Inconsistency".

Applications using Spring Security and Spring MVC should upgrade to Spring Security 4.1.1+ and Spring Framework 4.3.1+ and use the MvcRequestMatcher.

Additional details and further mitigations can be found in CVE-2016-5007.

I’m pleased to announce that the Java DSL for Spring Integration 1.2 M1 is available now!

First of I’d like to thank everyone who created issues, raised Pull Requests, provided feedback or just asked questions on StackOverflow. Without the community we couldn’t be the successful project we are today!

The artifact org.springframework.integration:spring-integration-java-dsl:1.2.0.M1 is available in the Milestone repo. So, give it a shot and don’t hesitate to raise a GH issue for any feedback!

Some highlights of the current iteration:

Apache Kafka 0.9 support

Based on the recently released Spring for Apache Kafka project, a new Kafka09 factory has been introduced. This is straightforward Java DSL factory for producing IntegrationComponentSpec fluent API builders for adapters based on the a Spring for Apache Kafka foundation. An existing Kafka factory for Apache Kafka 0.8…

I’m pleased to announce the release of Spring Security 4.1.1.RELEASE which resolves over 50 issues. This release provides mitigation for CVE-2016-5007 There are also lots of bug fixes, but there are also a few notable enhancements.

• MvcRequestMatcher provides deep integration with Spring MVC to ensure consistent path matching strategies for authorization rules

• CORS Support that can leverage Spring MVC’s CORS configuration

• CookieCsrfTokenRepository.withHttpOnlyFalse() for easily integrating with AngularJS applications

Contributions

Without the community we couldn’t be the successful…

Dear Spring Community,

I am happy to announce the 3.8.0 release of the Spring Tool Suite, our Eclipse-based tooling.

Highlights from this release include:

• updated to Eclipse Neon 4.6 GA
• all new Spring Boot code templates
• improved Spring Boot YML and property editors (more advanced content-assist, quick-fixes, and more)
• many small improvements to improve developer productivity
• Pivotal tc Server updated to 3.1.4

To download the distributions, please go visit:

• Spring Tool Suite: https://spring.io/tools/sts/all

Detailed new and noteworthy notes can be found here: STS 3.8.0 New & Noteworthy.

Enjoy!

Welcome to another installment of This Week in Spring! This week I'm in rainy but beautiful Seoul, South Korea and Tokyo (come join me for a talk on Wednesday!), Osaka, and Hiroshima, Japan where I'll be doing a few meetups and talking to businesses of all shapes and sizes. If you're in either region, please hit me up!

This is my favorite time of year! As we lead to SpringOne Platform, there's so much good stuff being released that one can hardly keep up! I am really looking forward to this year's SpringOne Platform show, coming in early August. It's an amazing time to build applications, and…

It is my pleasure to announce that the release candidate of Spring Boot 1.4 is available now from the Spring milestone repository. This milestone concludes 6 months of work in the 1.4 line, closing over 140 issues and pull requests! Thanks to everyone that has contributed.

Highlights of the new release include:

• Unified @EntityScan for JPA, MongoDB, Neo4j, Couchbase and Cassandra
• Auto-configured RestTemplateBuilder
• Support for pure rest client tests via @RestClientTest
• Support for Jest (Elasticsearch rest client)
• Upgrades to Spring Integration 4.3, Spring AMQP 1.6, Spring REST Docs 1.1, MongoDB Java Driver 3 and more
…

I’m pleased to announce that the spring-kafka (Spring for Apache Kafka) 1.0 GA and Spring Integration Kafka 2.0 GA are available finally!

The artifacts org.springframework.kafka:spring-kafka:1.0.0.RELEASE and org.springframework.kafka:spring-kafka-test:1.0.0.RELEASE are available in the Release repository and Maven Central, respectively.

In addition org.springframework.integration:spring-integration-kafka:2.0.0.RELEASE, fully based on the spring-kafka-1.0.0.RELEASE, is available at the same repositories as well.

Important

Just after release we figured out a nasty bug with unacked offset commits for RECORD mode. Special thanks to Adam Dec! So, please, meet spring-kafka:1.0.1.RELEASE…

It is my pleasure to announce that the Spring Framework 4.3.1 and 4.2.7 maintenance releases are available now.

The first maintenance release of the 4.3 line contains 40 fixes and improvements and is the base for the upcoming Spring Boot 1.4 release. The master branch has now switched to 5.0 and we'll start merging 5.0 features in preparation for 5.0.0.M1 later this month.

Project Page | GitHub | Issues | Documentation

For more details about Spring Framework 4.3, check Juergen Hoeller's session at SpringOne Platform, which is taking place in Las Vegas between August 1-4 this year. There are many other great talks so check the agenda and get your ticket…

Right after Spring Framework 4.2.7, Spring Boot 1.3.6 has been released and is available now from repo.spring.io and Maven Central.

This maintenance release includes a number of fixes and 3rd party dependency updates.

Project Page | GitHub | Issues | Documentation