The Spring Blog

Engineering
Releases
News and Events

This Week in Spring - Tuesday March 6th, 2018

Hi Spring fans and welcome to another installment of This Week in Spring! As I write this it’s early morning Tuesday in Sydney, Australia, where I’ve been visiting with some of Pivotal’s amazing customers, and I’m now preparing for my flight to Dubai, in six short hours, where I’ll visit some more of Pivotal’s amazing customers. Later this week I’ll be in Bangalore, India, for the amazing Agile India conference, and then - early next week on Tuesday - I’ll be in Boston, MA for the first SpringOne Tour event. If you’re around don’t hesitate to say hi, as usual!

Read more...

Spring Security SAML Roadmap

The Spring Security SAML project has been an integral part of the Spring ecosystem since its inception nearly 9 years ago. This critically important project was born through the incredible effort and contributions of Vladimír Schäfer. I’d like to take the time to personally thank Vladimír and our fantastic community for their tireless work. Without all of their efforts, this project would not be what it is today.

Vladimír, our amazing community, and the Spring engineering team are planning to team up to enhance Spring Security SAML to achieve the following primary goals:

Read more...

Spring Cloud Finchley M8 is available

On behalf of the community, I am pleased to announce that the Milestone 8 (M8) of the Spring Cloud Finchley Release Train is available today. The release can be found in Spring Milestone repository. You can check out the Finchley release notes for more information.

Notable Changes in the Finchley Release Train

Finchley.M8 is compatible with Spring Boot 2.0.0.RELEASE.

Spring Cloud Gateway

Some bug fixes and small configuration enhancements.

Spring Cloud Bus

Fixes for custom remote events.

Spring Cloud Security

Read more...

Spring Security OAuth Boot 2 Auto-config 2.0.0 Released

I’m pleased to announce the release of Spring Security OAuth Boot 2 Auto-config 2.0.0.

This project is intended to be used to help users transition between the old Spring Security OAuth 2.x support and the Next Generation OAuth 2.0 Support in Spring Security 5. It provides users of Spring Security OAuth 2.x the same auto-configuration capabilities in a Spring Boot 2.0 based application that is currently available in Spring Boot 1.5.x. For more details please refer to the documentation.

Read more...

Spring Security SAML and this week's SAML Vulnerability

This week, the software world found out that SAML Vulnerabilities Affecting Multiple Implementations were discovered. If you use Spring Security SAML’s defaults, you are not impacted by this vulnerability.

The underlying implementation that Spring Security SAML uses is Shibboleth’s OpenSAML Java library. The OpenSAML Java implementation was not listed in the libraries that contain the vulnerability (Shibboleth openSAML C++ was vulnerable). However, if the ParserPool has been customized, you may be impacted.

Read more...

Spring Session Apple SR1 Released

This post was authored by Vedran Pavić

On behalf of the community I’m pleased to announce the release of Spring Session BOM Apple-SR1. With the changes to Spring Session modules described in 2.0.0.RELEASE announcement, the addition of bill of materials (BOM) module was a logical next step.

Note
The originally released Apple-RELEASE contained a glitch in published BOM so make sure you use Apple-SR1.

The BOM provides dependency management for Spring Session core modules (which include Data Redis, Hazelcast and JDBC) and Spring Session Data MongoDB. The following table provides an overview of all the included modules and their respective versions:

Read more...

Spring Boot 2.0 goes GA

On behalf of the team, it is my very great pleasure to announce that Spring Boot 2.0 is now generally available as 2.0.0.RELEASE from repo.spring.io and Maven Central!

This release is the culmination of 17 months work and over 6800 commits by 215 different individuals. A massive thank you to everyone that has contributed, and to all the early adopters that have been providing vital feedback on the milestones.

This is the first major revision of Spring Boot since 1.0 was released almost 4 years ago. It’s also the first GA version of Spring Boot that provides support for Spring Framework 5.0.

Read more...

Reactor BISMUTH-SR7 is out!

On behalf of the whole Reactor Team, it is my pleasure to announce that the Reactor BISMUTH-SR7 release train is now available. As always, we recommend using the reactor-bom Bill Of Material.

In time for Spring Boot 2, this release train comes with improvements and bugfixes to core, extras, and reactor-netty.

This blog post highlights the most significant changes in both SR7 and last week’s SR6 release trains.

Reactor-Core 3.1.5

What’s new since 3.1.3? See the full release notes of the 3.1.4.RELEASE and the 3.1.5.RELEASE. Core changes include more than 15 improvements and bugfixes.

Read more...

Spring Data Kay SR5 released

On behalf of the Spring Data team, I’d like to announce the fifth service release of the Kay release train in prospect of Spring Boot 2.0 GA.

This service release ships with 23 tickets fixed. Kay SR5 will be picked up by Spring Boot 2.0 GA for your convenience and is a strongly recommended upgrade to users of the Kay release train.

You can find all details within the linked changelogs.

Read more...