On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.3.20 and 5.2.22 are available now.

Spring Framework 5.3.20 includes 14 fixes and improvements. Spring Framework 5.2.22 includes 2 backports.

In addition, these releases include fixes for 2 vulnerabilities:

• CVE-2022-22970 "Spring Framework DoS via Data Binding to MultipartFile or Servlet Part" Denial of Service (DoS) attack in Spring MVC or Spring WebFlux applications that handle file uploads and rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. Severity: Medium

• CVE-2022-22971 "Spring Framework DoS with STOMP over WebSocket"
  Denial of service (DoS) attack by authenticated users in Spring applications with a STOMP over WebSocket endpoint. Severity: Medium

…

Hi, Spring fans! I'm writing this from - I can't believe I get to say this - abroad! I'm in London, UK! Now, this is not particularly noteworthy for those millions who already live here. But I don't live here. I'm a visitor! I live in San Francisco. I had to fly here! On a plane! With other people! ACROSS THE OCEAN. This is my first international flight since March of 2020, and I couldn't be more excited to be here for Devoxx UK and also just to catch up with old friends I haven't seen in nearly three years. If you know me, and how I used to travel, you'll appreciate how odd it is for me to be…

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to fellow Java Champion and Java ecosystem luminary Chandra Guntur (@cguntur) about Java, Spring, and the Spring Katas, among other things.

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you doin'?

I'm excited! This week I'm speaking at the ArabJUG, and I'll be speaking at Microsoft's huuuge JDConf event. Both of these are virtual. Then, next Monday, I'm on a plane bound for London, UK, where I'll be speaking at Devoxx UK 2022. Then, not even two weeks later, I'll be speaking at Spring IO, in Barcelona, Spain! Then a week later, I'll be speaking at JNation, in Lisbon, Portugal. To say that I am excited would be an understatement, my friends.

And all of that ignores the great stuff since last week…

Sometimes, no matter how many features you try to apply, it seems impossible to get Spring Data JPA to apply every thing you’d like to a query before it is sent to the EntityManager.

With 3.0.0-SNAPSHOT (and targeted for the next milestone release train of Spring Data), you now have the ability to get your hands on the query, right before it’s sent to the EntityManager and "rewrite" it. That is, you can make any alterations at the last moment.

Check it out below:

Example 1. Declare a QueryRewriter using @Query

public interface MyRepository extends JpaRepository<User, Long> {

    @Query(value…

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Azul Deputy CTO and Java's own mad scientist and luminary Simon Ritter (@speakjava)

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldn't go because - out of an abundance of caution, and since I was exposed to COVID19 in Atlanta, GA - it was thought to be safer to keep some folks home and virtual. Sigh. This policy makes perfect sense and it's what I wanted. But it's still a smidge disappointing to not be there. I miss y'all! It was fun at least doing a remote presentation.

Anyway, without further ado, let's…

On behalf of the community, I am pleased to announce that the Service Release 2 of the Spring Cloud 2021.0 Release Train is available today. This was primarily a bug fix release. The release can be found in Maven Central. You can check out the 2021.0.2 release notes for more information.

Notable Changes in the 2021.0.2 Release Train

See the project page for all issues included in the release.

Spring Cloud Commons

• Pass request data context in blocking LoadBalancer client (1090)
• Support custom HTTP status code in LoadBalancer lifecycle (1066)
• Support URI without port for default ServiceInstance ([1054]https://github.com/spring-cloud/spring-cloud-commons/pull/1054))
• Improved calculating Round Robin LoadBalancer position ([1078]https://github.com/spring-cloud/spring-cloud-commons/pull/1078)/files)
…

Dear Spring Community,

I am happy to announce the 4.14.1 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

fixes and improvements

• (Spring Boot) fixed: use startupSnapshot instead of startup timer call to avoid wiping out the underlying data
• (Spring Boot) fixed: When vscode opens a Java project for about 2 hours, the suggestion function will fail (#750)
• (VSCode) enhancement: live hovers are now automatically show up when you launch a Spring Boot application in VSCode. Additional JVM args for the Spring Boot app to enable JMX are added to the launch automatically. More details can be found in the user guide section about Live Application Information.
• (VSCode) enhancement: add extension APIs to get live data (#751…