close

Brian Clozel

Brian Clozel

Spring Framework & Spring Boot committer

Lyon, France

Blog Posts by Brian Clozel

Spring Framework 5.3.20 and 5.2.22 available now

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.3.20 and 5.2.22 are available now.

Spring Framework 5.3.20 includes 14 fixes and improvements.
Spring Framework 5.2.22 includes 2 backports.

In addition, these releases include fixes for 2 vulnerabilities:

  • CVE-2022-22970
    “Spring Framework DoS via Data Binding to MultipartFile or Servlet Part”
    Denial of Service (DoS) attack in Spring MVC or Spring WebFlux applications that handle file uploads and rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
    Severity: Medium

  • CVE-2022-22971
    “Spring Framework DoS with STOMP over WebSocket”
    Denial of service (DoS) attack by authenticated users in Spring applications with a STOMP over WebSocket endpoint.
    Severity: Medium

Read more...

Spring for GraphQL 1.0 RC1 Released

On behalf of everyone involved, I’m pleased to announce the availability of the first and final release candidate of Spring for GraphQL 1.0. We’re finally going to release a 1.0 version on May 17, the reference version for Spring Boot 2.7.0. We’ve shipped a few noteworthy changes and one important new feature in this release.

Note: The Spring for GraphqL Boot starter is up-to-date with the changes discussed in this post and Spring Boot 2.7.0-RC1 is scheduled to be released on Thursday this week.

GraphQL over RSocket

Read more...

Spring for GraphQL 1.0.0-M5 Released

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring for GraphQL 1.0.0-M5 is now available from https://repo.spring.io/milestone.

The M5 release is a quick follow-on after the feature-rich M4 release from December. The main goal for M5 was to move the Boot starter out of the Spring GraphQL repository and into Spring Boot proper, ahead of the first Spring Boot 2.7 milestone this Thursday. In addition to that, as always, there was plenty of feedback leading to a number of refinements and fixes.

Read more...

Spring GraphQL 1.0.0-M4 Released

The Spring GraphQL team has just released the 4th milestone towards a 1.0.0 release. Thanks to all contributors!

In this milestone, we have further improved the annotation programming model and extended the Spring Data support that were provided in the previous milestones.

Interface Projections for GraphQL Arguments

If you’re familiar with Spring Data’s Interface-based Projections, then this new feature will make perfect sense: you can use a well-defined interface to work with GraphQL arguments, without the need for any Object implementation.

Read more...

Spring GraphQL 1.0.0-M3 Released

The Spring GraphQL team is pleased to announce a 3rd milestone towards a 1.0.0 release, driven with great help from the community .

Batch Mapping

The 2nd milestone introduced an annotation programming model for GraphQL data controllers with @SchemaMapping methods. The 3rd milestone adds a new @BatchMapping method.

If you’re familiar with GraphQL, you know that navigating an object graph can cause the “N+1 queries problem” if we’re not mapping carefully object relations. We could already leverage the Batching feature from GraphQL Java to solve that problem, but this release introduces dedicated support as well as an @BatchMapping annotation for a smoother experience:

Read more...

Spring GraphQL 1.0.0-M2 available now

Less than 2 months after the initial announcement of Spring GraphQL and its follow up intro blog,
I’m happy to announce that the 1.0.0-M2 version has been released and is available from the Spring Milestone repository.

The Spring GraphQL team would like to thank the early adopters and contributors - with your help, we’re making good progress towards a GA version!

We’ve fixed a few issues and renamed a couple of concepts, but the most notable change is the introduction of a new annotation model for GraphQL Controllers.
You can now annotate @Controller components to handle queries, mutations and subscriptions:

Read more...

Spring Framework 5.2.8, 5.1.17, 5.0.18, and 4.3.28 available now

On behalf of the team and everyone who has contributed, I am pleased to announce a full round of Spring Framework releases.

Spring Framework 5.2.8 includes 36 fixes and improvements. Spring Framework 5.1.17 includes 15 selected fixes and improvements.

The maintenance release for 5.0.x (5.0.18) ships with 13 selected fixes and improvements. The 4.3.x branch (4.3.28) also ships with 13 selected fixes and improvements, including a CORS configuration change (see gh-25414 and the CORS section of the reference documentation for more details).

Read more...

Liveness and Readiness Probes with Spring Boot

Update: this blog post has been updated for changes released in Spring Boot 2.3.0.RC1

The Spring Boot team is actively working on a Kubernetes theme for the next 2.3.0 release. After Docker images creation and Graceful Shutdown support, it’s now time to introduce Liveness and Readiness probes support.

With our 2.2.0 release, Spring Boot shipped with the Health Groups support, allowing developers to select a subset of health indicators and group them under a single, correlated, health status.

Even with this new feature, we’ve found that we could provide more to the Spring community, with more opinions and guidance when it comes to Kubernetes.

Read more...

Spring Boot 2.2.2 is now available

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Boot 2.2.2 has been released and is now available from repo.spring.io and Maven Central.

This release includes 88 fixes, improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you’re interested in helping out, check out the “ideal for contribution” tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Read more...