I am pleased to announce that Spring IO Platform Brussels-SR9 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Spring Boot 1.5.12
• Spring Framework 4.3.16

Project Page | GitHub | Issues | Documentation

Maintenance of the Spring IO Platform will end twelve months from today, 9 April 2019, and the project will be moved to the attic. Maintenance releases of both the Brussels and Cairo lines will continue to be published up until that time.

When the Platform was first introduced almost four years ago it provided dependency management for a number of projects that were not managed by Spring Boot. In recent releases that number has decreased and would have continued to do so in the future as the Spring portfolio continues to evolve.

The decreasing difference between Spring Boot's dependency management and the Platform's dependency management means that offering the Platform as a separate choice no longer makes sense. All users of the Platform are encouraged to start using Spring Boot's dependency management directly, either by using spring-boot-starter-parent as their Maven project's parent, or by importing the spring-boot-dependencies…

It's my pleasure to announce that Spring IO Platform Cairo-RELEASE is now available from the Spring release repository and Maven Central. The Cairo generation of the Platform builds on top of Spring Framework 5.0 and Spring Boot 2.0 and requires Java 8.

What has changed

Cairo upgrades the versions of a number of projects:

• Reactor Bismuth
• Spring AMQP 2.0
• Spring Batch 4.0
• Spring Boot 2.0
• Spring Cloud Connectors 2.0
• Spring Data Kay
• Spring Framework 5.0
• Spring Integration 5.0
• Spring Kafka 2.1
• Spring REST Docs 2.0
• Spring Security 5.0
• Spring Security OAuth 2.2
• Spring Session 2.0
• Spring Web Flow 2.5
• Spring Web Services 3.0
…

CVE-2018-1270 was reported last week, and unfortunately, was not fully addressed in the 4.3.x branch of the Spring Framework.

A follow-up 4.3.16 version was created and released to Maven Central, and a new CVE-2018-1275 report was published. Please upgrade to 4.3.16 immediately!

Spring Boot 1.5.x Instructions: if impacted by this issue, please upgrade to Spring Boot 1.5.12.

I am pleased to announce that Spring IO Platform Brussels-SR8 is now available from both repo.spring.io and Maven Central.

This maintenance release upgrades the versions of a number of the projects in the Platform:

• Spring AMQP 1.7.7
• Spring Batch 3.0.9
• Spring Boot 1.5.11
• Spring Data Ingalls SR11
• Spring Framework 4.3.15
• Spring Integration 4.3.15
• Spring Kafka 1.1.8
• Spring Security 4.2.5
• Spring Session 1.3.2
• Spring Social 1.1.6

The versions of a number of third-party dependencies have also been updated.

Project Page | GitHub | Issues | Documentation

UPDATE 2018-04-09: see follow-up announcement for 4.3.x branch.

Spring Framework 5.0.5 and 4.3.15 (superseded by 4.3.16 with CVE-2018-1275), released earlier this week, include fixes for the following vulnerabilities:

• CVE-2018-1270 --> CVE-2018-1275
• CVE-2018-1271
• CVE-2018-1272

Spring Boot 2.0.1 and 1.5.11 (superseded by 1.5.12 with CVE-2018-1275), that match the above Spring Framework versions, were released today, and are now also available for use.

Please, review the information in the CVE reports and upgrade immediately.

I’m pleased to announce the releases of Spring Security 5.0.4 and 4.2.5. Both releases primarily deliver bug fixes and dependency version updates along with some minor improvements.

For a complete list of changes, please refer to the 5.0.4 changelog and 4.2.5 changelog.

Project Site | Reference | Help

On behalf of the community, I’d like to announce the availability of Spring Vault service releases 1.1.2 and 2.0.1, available from Maven Central.

Both releases primarily deliver bug fixes and dependency version updates along with some minor improvements.

For a complete list of changes see the changelogs of 1.1.2 RELEASE and 2.0.1 RELEASE.

Project Page | GitHub | Issues | Documentation for 1.1.2.RELEASE | Documentation for 2.0.1.RELEASE | Stack Overflow

On behalf of the team, I am pleased to announce that Spring Boot 1.5.11 has been released and is is now available from repo.spring.io and Maven Central.

Spring Boot 1.5.11 includes over 70 fixes, improvements and dependency updates. Thanks to all that have contributed with issue reports and pull requests.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter.

Project Page | GitHub | Issues | Documentation | Stack Overflow | …