During the week of August 19th, 2024, the Spring ecosystem saw several updates, including versions of Spring Boot, Spring Data, Spring Cloud, Spring Security, Spring Authorization Server, Spring Session, Spring for Apache Kafka, and Spring for Apache Pulsar.
A major update was the second milestone release of Spring Boot version 3.4.0, which introduced bug fixes, enhancements to documentation, and upgrades in dependencies. Notably, the update features enhancements to the @ConditionalOnSingleCandidate
annotation for better handling of fallback beans and updates to the SimpleAsyncTaskScheduler
class to support virtual threads. More information is available in the release notes.
Spring Boot versions 3.3.3 and 3.2.9 were released to address the CVE-2024-38807, a Signature Forgery Vulnerability affecting Spring Boot’s Loader. This vulnerability impacts applications using the spring-boot-loader
or spring-boot-loader-classic
APIs that perform signature verification of nested JAR files. Users of older versions of Spring Boot are recommended to upgrade to newer versions such as 3.1.13, 3.0.16, and 2.7.21.
Tool versions 2024.0.3 and 2023.1.9 are the latest service releases of Spring Data, offering bug fixes and updates in dependencies, covering sub-projects like Spring Data Commons, Spring Data MongoDB, Spring Data Elasticsearch, and Spring Data Neo4j. These updates are compatible with Spring Boot versions 3.3.3 and 3.2.9 respectively.
The first milestone release of Spring Cloud 2024.0.0, codenamed Mooregate, features bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.2.0-M1; Spring Cloud Function 4.2.0-M1; Spring Cloud OpenFeign 4.2.0-M1; Spring Cloud Stream 4.2.0-M1; and Spring Cloud Gateway 4.2.0-M1. This release provides compatibility with Spring Boot 3.4.0-M1. Further details on this release may be found in the release notes.
The second milestone release of Spring Security 6.4.0 delivers bug fixes, dependency upgrades and new features such as: improved support to the @AuthenticationPrincipal
and @CurrentSecurityContext
meta-annotations to better align with method security; preserve the custom user type in the InMemoryUserDetailsManager
class for improved use in the loadUserByUsername()
method; and the addition of a constructor in the AuthorizationDeniedException
class to provide the default value for AuthorizationResult
interface. More details on this release may be found in the release notes and what’s new page.
Similarly, versions 6.3.2, 6.2.6 and 5.8.14 of Spring Security have also been released providing bug fixes, dependency upgrades and a new feature that implements support for multiple URLs in the ActiveDirectoryLdapAuthenticationProvider
class. Further details on these releases may be found in the release notes for version 6.3.2, version 6.2.6 and version 5.8.14.
Versions 1.4.0-M1, 1.3.2 and 1.2.6 of Spring Authorization Server have been released that ship with bug fixes, dependency upgrades and new features such as: a new authenticationDetailsSource()
method added to the OAuth2TokenRevocationEndpointFilter
class used for building an authentication details from an instance of the Jakarta Servlet HttpServletRequest
interface; and allow customizing an instance of the Spring Security LogoutHandler
interface in the OidcLogoutEndpointFilter
class. More details on these releases may be found in the release notes for version 1.4.0-M1, version 1.3.2 and version 1.2.6.
The second milestone release of Spring Session 3.4.0-M2 includes numerous dependency updates and introduces a new RedisSessionExpirationStore
interface, allowing for customized expiration policies within the RedisIndexedSessionRepository.RedisSession
class. More information can be found in the release notes and what’s new pages.
In addition, the release of Spring Session 3.3.2 and 3.2.5 includes dependency updates and resolves an issue where the AbstractSessionWebSocketMessageBrokerConfigurer
class causes an eager instantiation of the SessionRepository
interface due to a non-static declaration of the Spring Framework ApplicationListener
interface. More details on this release can be found in the release notes for version 3.3.2 and version 3.2.5.
Versions 1.3 M2, 1.2.3, and 1.1.8 of Spring Modulith were released, featuring bug fixes, dependency upgrades, and new features such as an optimization for publication completion via event and target identifier for better database query planning, and a revision of the EventPublication
interface renaming the isPublicationCompleted()
method to isCompleted()
. More information is available in the release notes for version 1.3.0-M2, version 1.2.3, and version 1.1.8.
The second milestone release of Spring AI 1.0.0 includes bug fixes, improvements in documentation, and several new features like enhanced observability for the ChatClient
interface, chat models, embedding models, image generation models, and vector stores. It introduces a new MarkdownDocumentReader
for ETL pipelines and a new ChatMemory
interface powered by Cassandra.
Versions 3.3.0-M2, 3.2.3, and 3.1.8 of Spring for Apache Kafka have been released. These updates introduce bug fixes, dependency updates, and new enhancements including support for Apache Kafka 3.8.0 and better error handling for fault tolerance retries. These versions are set to be incorporated into Spring Boot versions 3.4.0-M2, 3.3.3, and 3.2.9 respectively. For more detailed information, check the release notes for version 3.3.0-M2, version 3.2.3, and version 3.1.8.
The initial milestone release of Spring for Apache Pulsar 1.2.0-M1 is now available, as announced in this release. It brings a host of updates, including enhancements in documentation and dependencies, the ability to set a default topic and namespace, and functionality to utilize custom Jackson ObjectMapper instances for JSON schemas. This version will also be included in Spring Boot 3.4.0-M2. Further information on this release can be viewed in the release notes.
Additionally, versions 1.1.3 and 1.0.9 of Spring for Apache Pulsar have been made available, focusing on dependency upgrades. These versions are set to be included in Spring Boot 3.3.3 and 3.2.9 respectively. More details on these updates can be found in the release notes for version 1.1.3 and version 1.0.9.
Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.