We have released Spring Cloud Config 2.1.2, 2.0.4, and 1.4.6 to address CVE-2019-3799: Directory Traversal with spring-cloud-config-server. Please review the information in the CVE report and upgrade immediately.

These fixes will be included in the next release of the respective Spring Cloud release train.

NOTE: To override the version in Maven, update the dependency to include the version, such as:

<dependency>
	<groupId>org.springframework.cloud</groupId>
	<artifactId>spring-cloud-config-server</artifactId>
	<version>2.1.2.RELEASE</version>
</dependency>

Similarly, in Gradle:

dependencies…

Background

When using a microservices architecture to build our applications, it is very common to end up with a pretty complex dependency tree amongst services. If the service down the dependency tree encounters an issue that causes it to start to respond slowly, it ends up causing a set of issues that cascade up the dependency tree. As more and more requests come in to the application, more and more resources may be consumed by waiting for the slow service to respond. Even worse, the additional load being put on the slow service may exacerbate the problem. To help alleviate the effect of…

On behalf of the community, I’m pleased to announce the release of Spring Security 5.2.0.M2! This release includes 100+ updates. You can find the highlights below:

OAuth 2.0

gh-6446 - Client Support for PKCE

PKCE isn’t just for native or browser-based apps, but for any time we want to have a public client. Spring Security 5.2 introduces a secure way for backends to authenticate as public clients.

gh-5350 - OpenID Connect RP-Initiated Logout

gh-5465 - Ability to use symmetric keys with JwtDecoder

gh-5397 - Ability for NimbusReactiveJwtDecoder to take a custom processor

gh-6513 & gh-5200…

Hi Spring fans! What a week it's been! When we last spoke I was in Capetown, South Africa or Johannesburg, South Africa. I've since been to Mauritius, back to Capetown, Serbia (for the amazing ITKonekt conference) and I'm now staring at the beautiful Bund river in beautiful Shanghai, China as I write this.

We've got a ton to get to this week, as usual, so let's get to it.

• Hi Spring fans! Welcome to yet another installment of Spring Tips, this one on the just-released-in-master support for RSocket Messaging in Spring Boot 2.2. It's here! It's finally here! I was so excited to see this land and I hope you get a chance to try it out.
• Don't miss this webinar coming on April 18th, A Spring Developer’s Guide to the Pivotal Cloud Foundry Galaxy Webinar
• Spring Session for Apache Geode & Pivotal GemFire 2.2.0.M1 Available
• Spring Session for Apache Geode & Pivotal GemFire 2.0.9.RELEASE & 2.1.3.RELEASE Available
• Check out this post looking at the future of Kotlin and Spring, …

On behalf of the team and everyone that contributed, I am pleased to announce that the second milestone of Spring Boot 2.2 has been released and is available from our milestone repository. This release closes almost 100 issues and pull requests.

Highlights of this milestone include:

• Spring Framework 5.2.0.M1
• @ConfigurationProperties scanning
• Immutable @ConfigurationProperties binding
• Initial RSocket Server Support
• Lazy Initialization and performance improvements

For a complete list of changes and upgrade instructions, please see the Spring Boot 2.2 Release Notes on the wiki and the updated reference documentation…

This blog post is the second in a series of posts that aim at providing a deeper look into Reactor's more advanced concepts and inner workings.

It is derived from my Flight of the Flux talk, which content I found to be more adapted to a blog post format.

I'll update the table below with links when the other posts are published, but here is the planned content:

1. Assembly vs Subscription
2. Debugging caveats (this post)
3. Hopping Threads and Schedulers
4. Inner workings: work stealing
5. Inner workings: operator fusion

If you're missing an introduction to Reactive Streams and the basic concepts of Reactor, head out to the site's learning section and the reference guide…

We are pleased to announce that Spring Cloud Task 2.2.0.M1 is now available on Github and the Pivotal download repository. Many thanks to all of those who contributed to this release.

What’s New?

Spring Cloud Task 2.2.0.M1 is intended to be the version of the framework aligned with Spring Boot 2.2.0. Updates from 2.0.x include:

• Update all dependencies.
• Spring Cloud Task compiles and runs on Java 8, 9, 10, 11, 12.
• Spring Cloud Task Reference documentation has been modernized.
• Bug Fixes

What Else Is Going On?

Beyond the basics to keep Spring Cloud Task up to date with the rest of the ecosystem…

Hi Spring fans! In this installment of Spring Tips Josh revisits RSocket, the reactive application protocol from, among others, Facebook, this time looking at the brand new Spring Framework 5.2 and Spring Boot 2.2 integration.

speaker: Josh Long (@starbuxman)

Here's the first Spring Tips installment introducing the "raw" RSocket protocol and Java client library

Since we announced Spring Framework official support for Kotlin in January 2017, a lot of things happened. Kotlin was announced as an official Android development language at Google I/O 2017, we continued to improve the Kotlin support across Spring portfolio and Kotlin itself has continued to evolve with key new features like coroutines.

I would like to take the opportunity of the first milestone of Spring Framework 5.2 to give a status overview of where we are when it comes to Spring and Kotlin. And I will make my best to focus on concrete improvements since I believe Spring and Kotlin share…