Spring Blog

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.1.13 has been released and is now available from repo.spring.io and Maven Central.

This release includes 34 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Reactor Netty 0.8.16. It contains a fix for CVE-2020-5404.

How can you help?

The following CVE reports were published today:

• CVE-2020-5403 affecting Reactor Netty HttpServer 0.9.3 and 0.9.4.
• CVE-2020-5404 affecting Reactor Netty HttpClient for all 0.8.x and 0.9.x versions in applications where the automatic following of redirects is explicitly enabled.

The fixes are in Reactor Netty 0.9.5 and 0.8.16. If using the reactor-bom, you can upgrade to Dysprosium-SR5 or Californium-SR16.

Reactor Netty is used internally in many frameworks including Spring WebFlux and its WebClient. If you have a Spring Boot application, you can upgrade to Spring Boot 2.2.5 or 2.1.13.

On behalf of the community, I’d like to announce the availability of the Spring Data Moore SR5 and Lovelace SR16 service releases.

Moore SR5 ships with 61 tickets fixed, and Lovelace SR16 ships with 43 tickets fixed. Both releases contain mostly bug fixes and dependency upgrades. Moore SR5 is built on top of the just-released Spring Framework 5.2.4 and will be picked up by Spring Boot 2.2.5 for your convenience. Similarly, Lovelace SR16 uses Spring Framework 5.1.14 and will be included by Spring Boot 2.1.13 in the next days.

Hi, Spring fans! In this installment of Spring Tips, we’re going to look at Alibaba’s Apache RocketMQ. We’ve talked some about Alibaba in Spring Tips before. Check out the earlier Spring Tips installment in which we explore some of Spring Cloud Alibaba.

Running Apache RocketMQ

In order to use Apache RocketMQ, you’ll need to follow the steps in the RocketMQ quickstart. This Spring Tips installment introduces Apache RocketMQ, originally a technology developed and used internally at Alibaba and proven in the forge of 11/11, the famous Chinese sales holiday, sort of like “Cyber Monday,” or “Black Friday,” in the US. Sort of like that, but waaaaaay bigger. In 2019, Alibaba (alone, with no other e-commerce engines involved), made almost $40 billion USD in 24 hours. This required that trillions of messages be sent through something that could scale to meet the demand. RocketMQ is the only thing they could trust.

Hi, Spring fans! This week I am in delicious Philadelphia enjoying the amazing food (scrapple! TastyKakes!) and hanging out with amazing customers using VMWare and Spring to great effect. It’s been a busy week since we last talked: I released a new Spring Tips installment, wrote a bunch of blogs, recorded a new podcast, and published a new podcast installment. We’ve got a lot to get to today so let’s get to it!

• In this first installment of Spring Tips, season 7, I look at RSocket and Spring Security
• Spring Framework 5.2.4 and 5.1.14 available now
• Netflix Built a Spring Application Generator to Boost Dev Productivity. Here’s How You Can, Too.
• Spring Boot for Apache Geode & Pivotal GemFire 1.3.0.M2 Available
• Spring Session for Apache Geode & Pivotal GemFire 2.3.0.M2 Available
• Netflix Built an Application Generator to Boost Productivity. Here’s How You Can, Too.
• A Bootiful Podcast: Building China-scale Infrastructure at Alibaba with Spring Cloud, Rsocket, and more
• You should probably check this video on how to build reliable streaming pipelines with RabbitMQ and Project Reactor
• Announcing Spring Cloud Stream Horsham.SR2 (3.0.2.RELEASE) and Spring Cloud Hoxton.SR2
• Our friend Toshiaki Maki has a nice demo demonstrating using JWT in Spring Security
• Matt Raible has a very interesting look at creating a Spring Boot CRUD application with Angular 9 and Spring Boot 2.2.x
• This is an oldie-but-a-goodie from the good, the great, Dr. Dave Syer: it looks at Spring Performance Gains
• VMware Details its Tanzu/Kubernetes Strategy After Pivotal Merger
• Hey, the Baeldung blog has a nice enumeration of some of the design patterns in the Spring Framework
• Securing RabbitMQ with Vault
• Externalize Springdoc OpenAPI schema (write documentation outside of target classes) – Code Soapbox
• I loved Joris Kuipers talk, Day 2 Problems in CQRS and Event-Sourcing
• Deploying Cloud Foundry on a local Kubernetes - João M Pinto - Medium
• Auto scale Azure Spring Cloud with Azure Monitor and Azure Automation Runbooks - Microsoft Tech Community - 1181125
• Call for Proposals for RabbitMQ Summit 2020 open till Mar 8 - submit now!
• Integrate Java Database Versioning with Liquibase using MySQL [A Step by Step Guide] - By Tiago Melo

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.2.4 and 5.1.14 are available now.

The fourth maintenance release of the 5.2 line includes over 60 fixes and improvements. Spring Framework 5.1.14 includes 14 selected fixes and improvements.

As usual, we’ll follow up shortly with corresponding Spring Boot releases (2.2.5 and 2.1.13).

Project Page | GitHub | Issues | Documentation

If you watch Taylor Wicksell of Netflix’s SpringOne Platform keynote you can’t help but be blown away by the sheer productivity of their engineering team. Last year, over 300 Spring-based apps went into production – an incredible achievement.

What Can Your Enterprise Learn From Netflix?

At Netflix, Taylor and his Java Platform team own the Java developer experience (DevEx). Taylor’s team has one mission: to help Netflix’s engineers stay productive – delivering great code at great velocity. It’s a mission that is clearly proving successful.

Hi, Spring fans! In this installment Josh Long (@starbuxman) talks to friends - Mercy Ma (马昕曦), Andy Shi (施孜海), and Jim Fang (方剑) - from Alibaba. These engineers work on Spring Cloud Alibaba, some of the open source infrastructure coming out of Alibaba designed to support Spring applications running at Alibaba, and more.

• The Reactive Foundation
• My Reactive Spring webinar series
• Apache RocketMQ
• Spring Cloud for Alibaba
• My Spring Tips video introducing some of Spring Cloud Alibaba