Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce 1.0.4.RELEASE version for Spring Integration Zip extension.

CVE-2021-22114

The UnZipTransformer doesn’t cover all the cases for Zip Slip Vulnerability and some particular zip entry names may still end up outside of working directory.

The updated fix has been released in the spring-integration-zip-1.0.4.RELEASE version together with some other bug fixes and improvements. We also have published a new advisory for CVE-2021-22114.

Credit: Trung Pham, Viettel Cyber Security.

Everybody who’s…

Hi, Spring fans! In this episode Josh Long (@starbuxman) talks to Spring legend Greg Turnquist (@gregturn) about Spring Data REST, HATEOAS, CI, and so much more.

Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's been exciting and only going to get more exciting as the days carry on.

Tomorrow, the 24th of February, I'll be participating in a panel with Angie Jones, Daniel Bryant, Stefania Chaplin, and Jonathan Harris on how to debug and fix issues so that it doesn't block production.

Tomorrow, I'll_also_ be streaming on Twitch.tv around noon PST. Join us!

Alright, without any further ado, this week's roundup! Enjoy!

• Announcing Spring Cloud for Kubernetes
• As part of that release, I put together a Spring Tips video/tutorial (1h40m!) that introduces the open-source Spring Cloud Gateway and features interviews with Spring Cloud Gateway creator and Spring Cloud cofounder Spencer Gibb as well as Spring Cloud Gateway for Kubernetes lead Chris Sterling. Enjoy!
• A Bootiful Podcast: Gitlab's Reshmi Krishna on the developer lifecycle
• Spring Boot 2.3.9 is now available
• Spring Boot 2.4.3 is now available
• Spring Boot 2.5.0-M2 available now
• Spring Data 2021.0 M4, 2020.0 SR5, Neumann SR7 and Moore SR13 released
• …

Hi, Spring fans! In this installment of Spring Tips, I revisit Spring Cloud Gateway.

Here's what's inside:

Intro

11:12​ Have your cake and Eat it too with an API Gateway

Basics

00:11:37​ Get to Know Your New Gateway 00:21:18​ The Observable Gateway
00:22:39​ Meet The Supporting Characters
00:24:30​ Reactive Data For The Demo
00:28:10​ A Reactive WebSocket Endpoint 00:31:00​ Reactive HTTP Endpoint

Behind the Source with Spring Cloud co-founder, lead, and Spring Cloud Gateway creator Spencer Gibb

00:33:00​ Spencer Gibb

Service Discovery

37:59​ Introducing Spring Cloud Netflix Eureka 40:4…

Hi, Spring fans! In this episode, Josh Long (@starbuxman) talks to Gitlab's Reshmi Krishna (@reshmi9k) about the developer lifecycle, cloud-native computing, working at Gitlab and Pivotal, and more.

• the Gitlab handbook
• Gitlab's Twitter account

Continuing our monthly milestone release cadence, I am pleased to announce that the second milestone of Spring Boot 2.5 has been released and is available from our milestone repository. This release adds a number of new features and bug fixes.

Highlights of this milestone include:

• Layered WARs support for use with Docker
• Custom Buildpack Builder Support
• Jetty 10 Support
• Early Support for Gradle 7

We've also made some significant behind-the-scenes changes to do with the way that schema.sql and data.sql files are processed. If you use those features, please try the milestone and let us know if…

For all users building hypermedia based API, I’d like to announce that we shipped Spring HATEOAS 1.3 M2. We ship two major themes with the release:

• Revised support for HAL-FORMS and most of the additional property attributes derived from types or JSR-303 annotations. For details checkout the revamped section of the references docs or a more complete example.

• We significantly revamped the way we register the media type conversion within the WebMVC infrastructure. This is a response to challenges in selecting the best media type to render in certain Accept header edge conditions. This change should be a non-issue but it would be great if you could test the new setup for a spin and report any glitches you potentially encounter.

…

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring Initializr 0.10.0 has been released and is now available from Maven Central.

This release includes 27 fixes, improvements and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

For full upgrade instructions and new and noteworthy features please see the release notes.

GitHub | Issues | Documentation | Stack Overflow | Gitter

On behalf of the team, I’m pleased to announce Spring Data service releases 2020.0 SR5, Neumann SR7, Moore SR13 and the 4th Milestone of the upcoming 2021.0 iteration.

The attentive reader might have noticed that 2021.0 M3 and 2020.0 SR4 have been hiding out of sight. Well, a tiny glitch made us redo those releases right away for an upgrade without surprises.

For your convenience Spring Boot will pick up the artifacts with its upcoming releases.

2021.0 M4

• Spring Data Commons 2.5 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data JDBC 2.2 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data JPA 2.5 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data MongoDB 3.2 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 3.2 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data for Apache Geode 2.5 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data Neo4j 6.1 M4 - Artifacts - Javadoc - Documentation - Changelog
• Spring Data KeyValue 2.5 M4 - Artifacts - Javadoc - Documentation - …