
Spring Cloud 2022.0.0-M2 (codename Kilburn) Has Been Released

On behalf of the community, I am pleased to announce that Milestone 2 (M2) of the Spring Cloud 2022.0.0 Release Train is available today. The release can be found in the Spring Milestone repository. You can check out the 2022.0 release notes for more information.

Notable Changes in the 2022.0.0-M2 Release Train

See the project page for all the issues and pull requests included in this release.

Spring Cloud 2022.0.0-M2 is compatible with Spring Boot 3.0.0-M2.

Spring Cloud Stream

  • Both the Kafka and RabbitMQ binders for Spring Cloud Stream have been migrated into the core Spring Cloud Stream repository. With this change, Spring Cloud Stream now follows a mono-repo approach where all the framework-related code for Spring Cloud Stream is part of a single repository. See more details here for the Kafka binder and here for the RabbitMQ binder. We recommend filing new feature requests and bug reports for the Kafka and RabbitMQ binders in the core repository.
  • Introduced initial support for a new reactive Kafka binder based on Reactor Kafka. This support contains consumer and producer bindings using Reactor Kafka behind the scenes. See this issue for more details.
  • Also, given we’ve been relying on the new test binder for 3+ years now, we have also removed the old test modules.

This Week in Spring - April 5th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! I’m back home from the Hawaiian islands. It’s so good to be home.

First things first: there’s a security vulnerability. We’ve already released guidance on how to mitigate it as well as new releases of Spring Framework and Spring Boot that include the mitigation by default. See the links below for more.


Spring Framework RCE, Mitigation Alternative

Yesterday we announced a Spring Framework RCE vulnerability, CVE-2022-22965, listing Apache Tomcat as one of several preconditions. The Apache Tomcat team has since released versions 10.0.20, 9.0.62, and 8.5.78, all of which close the attack vector on Tomcat’s side. While the vulnerability is not in Tomcat itself, in real-world situations it is important to be able to choose among multiple upgrade paths, which in turn provide flexibility and layered protection.

Upgrading to Spring Framework 5.3.18+ or 5.2.20+ continues to be our main recommendation not only because it addresses the root cause and prevents other possible attack vectors, but also because it adds protection for other CVEs addressed since the current version in use.


Spring Boot 2.6.6 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.6.6 has been released and is now available from Maven Central.

The Spring Framework version in this release includes a fix for CVE-2022-22965; check the dedicated blog post for more details.

This release includes 6 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.


Spring Boot 2.5.12 available now

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.5.12 has been released and is now available from Maven Central.

The Spring Framework version in this release includes a fix for CVE-2022-22965; check the dedicated blog post for more details.

This release includes 5 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.


Spring Framework RCE, Early Announcement

Updates


Spring Cloud Azure 4.0 is Now Generally Available

NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft.

I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4 represents a significant milestone in our product roadmap that we couldn’t have delivered without the collective wisdom of the Spring community and customer feedback. On behalf of the Spring on Azure product team, thank you for making this happen!
