Hear from the Spring team this January at SpringOne. >
close

Mark Paluch

Mark Paluch

Spring Data Project Lead

Weinheim, Germany

Mark is Software Craftsman, Spring Data Project Lead at Pivotal, and Lead of the Lettuce Redis driver. His focus is now on reactive data integrations and R2DBC.
Blog Posts by Mark Paluch

Spring Data 2022.0 goes GA

On behalf of the Spring Data engineering team and everyone who contributed to this release, I am pleased to announce the general availability of Spring Data 2022.0 (Codename: Turing) from Maven Central! It is the third major revision since Spring Data’s inception in 2009 to serve you as your framework for modern-day data applications.

Spring Data 2022.0 builds on top of the just-released Spring Framework 6.0 with a Java 17+ baseline. Modules leveraging Jakarta EE technologies, such as Spring Data JPA and Spring Data REST, have been upgraded to Jakarta EE 9+, moving to the jakarta namespace, with a focus on the recently released Jakarta EE 10 APIs, such as Servlet 6.0 and JPA 3.1.

Read more...

Spring Data 2021.2.6 and 2021.1.10 available

On behalf of the team, I’m pleased to announce the availability of Spring Data 2021.2.6 and 2021.1.10 releases. The service releases ship with mostly bug fixes and dependency upgrades.

For your convenience, the next Spring Boot releases are going to pick up 2021.2.6 and 2021.1.10 in the upcoming days. To round things off, here are the links to the individual modules, changelogs, and documentation:

2021.2.6

Read more...

Spring Data 2022.0.0-RC2 available

On behalf of the team, I’m pleased to announce the second Spring Data release candidate 2022.0.0-RC2.
This release candidate ships with numerous fixes and a refined observability integration through Micrometer for MongoDB, Redis, and Apache Cassandra modules.

For your convenience, Spring Boot 3.0.0-RC2 is going to pick up this release in the upcoming days.

You can find the full release notes in the wiki. We continue looking for feedback to incorporate any last minute changes in our upcoming 2022.0.0 GA release later this month.

Read more...

Spring Data 2022.0.0-RC1, 2021.2.5, and 2021.1.8 available

Dear Spring community,

On behalf of the Spring Data team and everyone who contributed, it is my pleasure to announce that Spring Data 2022.0.0 has entered its release candidate phase by releasing RC1 today. It is available from the milestone repository. This release ships with several tickets fixed. Along with the release candidate, we shipped 2021.2.5 and 2021.1.8 service releases, to be picked up by corresponding Spring Boot releases.

The release candidate ships with a revised module structure, specifically Spring Data for Apache Geode is no longer part of the release train. Expect a blog post that outlines details soon.

Read more...

Embracing Virtual Threads

Project Loom has made it into the JDK through JEP 425. It’s available since Java 19 in September 2022 as a preview feature. Its goal is to dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications.

Where Virtual Threads make sense

This makes lightweight Virtual Threads an exciting approach for application developers and the Spring Framework. Past years indicated a trend towards applications that communicate over the network with each other. Many applications make use of data stores, message brokers, and remote services. I/O-intensive applications are the primary ones that benefit from Virtual Threads if they were built to use blocking I/O facilities such as InputStream and synchronous HTTP, database, and message broker clients. Running such workloads on Virtual Threads helps reduce the memory footprint compared to Platform Threads and in certain situations, Virtual Threads can increase concurrency.

Higher concurrency can be achieved if the system has additional resources necessary for concurrency. Specifically, these are:

  1. Available connections in a connection pool

  2. Sufficient memory to serve the increased load

  3. Unused CPU time

Use of Virtual Threads clearly is not limited to the direct reduction of memory footprints or an increase in concurrency. The introduction of Virtual Threads also prompts a broader revisit of decisions made for a runtime when only Platform Threads were available.

Read more...

Spring Data 2022.0.0-M6, 2021.2.3, and 2021.1.7 released

On behalf of the team, I’m pleased to announce the 6th Milestone of Spring Data 2022.0.0 and service releases 2021.2.3 and 2021.1.7. The service releases ship with mostly bug fixes and dependency upgrades.

The releases include a fix for CVE detected in Spring Data REST. Be sure to update as soon as possible and check out details here.

For your convenience, the next Spring Boot releases will pick up 2021.2.3 and 2021.1.7 in the upcoming days. To round things off, here are the links to the individual modules, changelogs, and documentation:

Read more...

Spring Data MongoDB SpEL Expression Injection Vulnerability (CVE-2022-22980)

Updates

  • [06-20] CVE-2022-22980 is published
  • [06-20] Spring Data MongoDB 3.4.1 and 3.3.5 are available

Table of Contents

Overview

We would like to announce that we have released Spring Data MongoDB 3.4.1 and 3.3.5 to address the following CVE report:

This vulnerability was responsibly reported by Zewei Zhang from NSFOCUS TIANJI Lab on Monday, June 13 2022. The full report will be published to MITRE and as security advisory under tanzu.vmware.com/security in the upcoming days.

Read more...

Spring Data 2021.2.1 and 2021.1.5 released

On behalf of the team, I’m pleased to announce Spring Data service releases 2021.2.1 and 2021.1.5.
Both releases ship with a fix for mostly bug fixes and dependency upgrades.
For your convenience, Spring Boot 2.7.1 respective 2.6.9 are going to pick up these releases in the upcoming days.

In addition, these releases include fixes for one vulnerability:

  • CVE-2022-22980
    “Spring Data MongoDB SpEL Expression Injection Vulnerability”
    SpEL injection attack in MongoDB applications through repository query methods annotated with @Query or @Aggregation using parametrized SpEL statements with non-sanitized input.
    Severity: High
Read more...

Spring Vault 2.4.0-M1 and 3.0.0-M1 available

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Vault 2.4.0-M1 and 3.0.0-M1 milestones have been released and are now available from repo.spring.io.

Notable new features include:

  • Support for PEM-encoded certificates and private keys including Elliptic Curve ("EC")

  • Support for Vault Repositories using versioned Key/Value secrets engines

  • Support for Vault-based RevisionRepository using versioned Key/Value secrets engines

Please see the release notes for more details and upgrade instructions.

Read more...

Spring Data 2021.2.0-M3, 2021.1.2, and 2021.0.9 released

On behalf of the team, I’m pleased to announce Spring Data service releases 2021.1.2 and 2020.0.9.
Both releases ship with mostly bug fixes and dependency upgrades.
For your convenience, Spring Boot 2.6.4 respective 2.5.10 are going to pick up these releases in the upcoming days.

Along with the service releases, we released the next milestone 2021.2.0-M3 of the 2021.2 release train. We have summarized the new and noteworthy changes in our release notes.

To round things off, here are the links to the individual modules, changelogs, and documentation:

Read more...