I am pleased to announce that Spring IO Platform Brussels-SR9 is now available from both repo.spring.io and Maven Central.
This maintenance release upgrades the versions of a number of the projects in the Platform:
After a long and exciting journey, we are pleased to announce the General Availability release of the Spring Cloud Stream Elmhurst release train - Elmhurst.RELEASE/2.0.0.RELEASE.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-stream-dependencies</artifactId>
<version>Elmhurst.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
CVE-2018-1270 reported last week was unfortunately not fully addressed in the 4.3.x branch of the Spring Framework. Spring Framework 4.3.16 has been released today, so we’ve decided to also release Spring Boot 1.5.12 to help people upgrade easily.
This release includes just 3 fixed issues, but should be considered a priority upgrade for all existing Spring Boot 1.5 users.
Spring Boot 2.0 users are not affected and should use the existing 2.0.1 release.
Project Page | GitHub | Issues | Documentation | Stack Overflow | Gitter
CVE-2018-1270 was reported last week, and unfortunately, was not fully addressed in the 4.3.x branch of the Spring Framework.
A follow-up 4.3.16 version was created and released to Maven Central, and a new CVE-2018-1275 report was published. Please upgrade to 4.3.16 immediately!
Spring Boot 1.5.x Instructions: if impacted by this issue, please upgrade to Spring Boot 1.5.12.
It’s my pleasure to announce that Spring IO Platform Cairo-RELEASE is now available from the Spring release repository and Maven Central. The Cairo generation of the Platform builds on top of Spring Framework 5.0 and Spring Boot 2.0 and requires Java 8.
Cairo upgrades the versions of a number of projects:
Maintenance of the Spring IO Platform will end twelve months from today, 9 April 2019, and the project will be moved to the attic. Maintenance releases of both the Brussels and Cairo lines will continue to be published up until that time.
When the Platform was first introduced almost four years ago it provided dependency management for a number of projects that were not managed by Spring Boot. In recent releases that number has decreased and would have continued to do so in the future as the Spring portfolio continues to evolve.
I am pleased to announce that Spring IO Platform Brussels-SR8 is now available from both repo.spring.io and Maven Central.
This maintenance release upgrades the versions of a number of the projects in the Platform:
The versions of a number of third-party dependencies have also been updated.
UPDATE 2018-04-09: see follow-up announcement for 4.3.x branch.
Spring Framework 5.0.5 and 4.3.15 (superseded by 4.3.16 with CVE-2018-1275), released earlier this week, include fixes for the following vulnerabilities:
Spring Boot 2.0.1 and 1.5.11 (superseded by 1.5.12 with CVE-2018-1275), that match the above Spring Framework versions, were released today, and are now also available for use.
Please, review the information in the CVE reports and upgrade immediately.
Hot on the heels of Spring Boot 1.5.11, Spring Boot 2.0.1 is now available from repo.spring.io and Maven Central.
The first maintenance release of Spring Boot 2 includes over 160 fixes, improvements and dependency updates. Thanks to all that have contributed with issue reports and pull requests.
Note that the Spring Framework versions included in both Spring Boot releases contain fixes that address multiple vulnerability reports. Please see this blog post for more details.
If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.
Dear Spring community,
The Spring team hereby announces that the Spring for Apache Hadoop project will reach End-Of-Life status twelve months from today on April 5th, 2019. We will publish occasional 2.5.x maintenance releases as needed up until that point and will then move the project to the attic. The current Spring for Apache Hadoop 2.5.0 release is built using Apache Hadoop version 2.7.3 and should be compatible with the latest releases of the most popular Hadoop distributions.
The Spring Cloud Stream App Starter - HDFS Sink applications rely on the Spring for Apache Hadoop project. Moving forward, we will port the required capabilities directly onto the HDFS App Starter project. Spring Cloud Data Flow would continue to orchestrate the HDFS sink applications into coherent streaming pipelines.
