Rossen Stoyanchev

Rossen Stoyanchev

Blog posts by Rossen Stoyanchev

Spring Framework Releases Fixes for CVE-2024-38808 and CVE-2024-38809

Releases | August 14, 2024 | ...

The Spring Framework has released versions 5.3.39, 6.0.23, and 6.1.12 that contain fixes for CVE-2024-38809, DoS via conditional HTTP requests.

The 5.3.39 release contains an additional fix for CVE-2024-38808, DoS via SpEL expression.

Note that version 5.3.39 has fixes for both CVEs. Version 5.3.38 was released earlier on the same day, and it contains the fix for CVE-2024-38809 but not CVE-2024-38808.

Upgrading Your Project

Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.21.1, 3.0.16.1, and 3.1.12.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription

Spring for GraphQL 1.3.0 Released

Releases | May 21, 2024 | ...

I'm pleased to announce the release of Spring for GraphQL 1.3.0. In addition to the M1 and the RC1 releases, the final release adds the following features:

  • Virtual thread support for controller methods.
  • GraphQL over WebSocket authentication via "connect_init" message.
  • Interceptors in WebSocketGraphQlTester.
  • Kotlin Flow as controller method return value.

See the Versions page on the wiki for a list of features.

Spring for GraphQL 1.3 RC1 Released

Releases | April 16, 2024 | ...

On behalf of the Spring for GraphQL team, I am pleased to announce the availability of 1.3 RC1. This post describes the release. For more on other upcoming features in 1.3, see the 1.3 M1 blog post.

GraphQL Java 22

The 1.3 release candidate builds on GraphQL Java 22, released earlier today. GraphQL Java 22 includes a lot of new features including major performance improvements, experimental support for the up and coming Defer and Stream Directives addition to the GraphQL spec, and much more.

The release includes breaking changes too, and this is a good time to experiment in your environment. See the GraphQL Java 22 release page

Spring for GraphQL 1.3 M1 Released

Releases | February 21, 2024 | ...

On behalf of the Spring for GraphQL team, I am pleased to announce the availability of our first 1.3 milestone. The release includes a number of new features described in this post.

Synchronous GraphQlClient

GraphQlClient provides a common workflow for GraphQL requests over any transport including HTTP, WebSocket, and RSocket. Following the availability of Project Loom in Java 21, and a new synchronous RestClient in Spring Framework 6.1, we've now added the option to use GraphQlClient on a blocking stack, and to use a synchronous API. See the reference docs for details on how to create GraphQlClient with a RestClient

Spring Web Flow 3.0.0 Released

Releases | July 13, 2023 | ...

I'm pleased to announce the availability of Spring Web Flow 3.0.0. This release is all about compatibility with Spring Framework 6 and Jakarta EE. The spring-webflow-sampes have been updated, and the commit history provides an example of changes necessary to upgrade. One significant change is the need to remove Tiles which has not migrated to Jakarta EE. The booking-mvc sample now uses Thymeleaf Layouts instead.

Once again special thanks to Ian Young, Scott Cantor, and Gábor Lipták for your help to make these updates available to the community!

Spring Framework Reference Documentation Update

Engineering | May 11, 2023 | ...

Starting with version 6.0.9, the Spring Framework reference documentation site is generated with Antora. This is a big change that brings many improvements. This blog post provides context around that.

Overview

For a long time the Spring Framework reference documentation had two versions, one single page, and one multipage. The single page was very large but often preferred for the ability to search with Ctrl+F. The multipage provided structure, but it was difficult to navigate and search. See for example the single and multiple versions from 4.3.x.

In 5.0 we switched to a single version that split the documentation into several high-level sections as a kind of middle ground between the single and the multipage versions. You could still use Ctrl+F within a section, while the content one any one of those pages wasn't as large as the full documentation. In this version we also added left-hand side navigation to make it easy to navigate the content. See example

Spring for GraphQL 1.2.0-RC1 released

Releases | April 19, 2023 | ...

I'm happy to announce that a Spring for GraphQL 1.2 release candidate is now available via https://repo.spring.io/milestone.

Pagination for Querydsl and Query By Example

The M1 release provided abstractions and infrastructure for pagination and sorting, including support for input and output types on annotated controller methods that minimize what applications need to do to support paginated queries.

The current release candidate completes this by extending pagination support to our Querydsl and Query By Example DataFetcher implementations, both of which now expose a scrollable factory method.

Spring Web Flow 3.0 RC1 Released

Releases | March 30, 2023 | ...

I'm pleased to announce that Spring Web Flow 3.0 RC1 is now available from the Spring milestone repository.

As mentioned in the 3.0 M1 announcement, milestone 1 did not include JSF support. This release changes that and upgrades the Spring Faces module to a Spring Framework 6, Jakarta EE, and Java 17 baseline. The spring-webflow-samples, including JSF samples, have been upgraded to the latest, and you can use sample changes as pointers for your own upgrades.

Spring Web Flow has also migrated from JIRA to GitHub issues recently, and that means you can now search, create, and watch both issues and pull requests, from the project's GitHub issues

Spring Web Flow 3.0 M1 Released

Engineering | August 10, 2022 | ...

It has been almost 4 years since the last set of Spring Web Flow releases. Nevertheless, the project continues to serve a specific need particularly well, arguably better than alternatives, and remains in active use. While there hasn't been a strong driver for new releases, the upcoming Spring Framework 6 brings a Java 17 baseline and makes the shift to Jakarta EE, which creates the need for such a release in order to enable applications to migrate to this new baseline.

Today I'm pleased to announce the availability of Spring Web Flow 3.0 M1 in the Spring milestone repository. This release focuses mainly on compatibility with Spring Framework 6 and Jakarta EE. The Travel booking-mvc sample on spring-projects/spring-webflow-samples has been updated and the commit history provides example changes…

Spring for GraphQL 1.0 Release

Engineering | May 19, 2022 | ...

On behalf of the Spring for GraphQL team and every contributor, it is my pleasure to announce the 1.0 GA release. It's been 10 months since the project was announced and under 2 years since the first commit, unremarkably called "first commit". The project began with the modest goal to replace the (now archived) minimal GraphQL Java Spring integration, but has since moved significantly beyond through community feedback and collaboration across Spring Boot, Spring Framework, Spring Data, and Spring Security.

The following are highlights from the release:

  • Annotation-based programming model for data fetchers
  • Data binding from input arguments with validation
  • Field-level security through annotations on data @Controller methods
  • Server handlers and interception over HTTP, WebSocket, and RSocket
  • Querydsl and Query by Example repositories as data fetchers
  • Batch loading support
  • Client for executing over HTTP, WebSocket, and RSocket
  • Test support with HTTP, WebSocket, RSocket, or directly, without a client
  • GraphiQL page and schema printing page

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all