We are pleased to announce the release of Spring Batch 3.0.9.RELEASE and 4.0.1.RELEASE via Maven Central, Github, and the Pivotal download repository.

These two maintenance releases address a number of bug fixes, enhancements and documentation updates. For a complete list of changes, please refer to the change logs for 3.0.9 and 4.0.1. Many thanks to all of those who submitted pull requests that went into these releases.

Please note that the next patch version, 3.0.10.RELEASE, will be the last maintenance release of the 3.x line. We strongly recommend users to migrate to the latest and…

Spring Web Flow 2.5 is now GA and available for use. This release provides an upgrade path for applications using Web Flow to Spring Framework 5 with Java 8, Servlet 3.1, Hibernate 5, Tiles 3, and JSF 2.2 as minimum requirements.

One of the key features in Spring Security 5 is support for writing applications that integrate with services that are secured with OAuth 2. This includes the ability to sign into an application by way of an external service such as Facebook or GitHub.

But with a little bit of extra code, you can also obtain an OAuth 2 access token that can be used to perform authorized requests against the service’s API.

In this article, we’re going to look at how to develop a Spring Boot application that, using Spring Security 5, integrates with Facebook. You can find the complete code for this article at https://github.com/habuma/facebook-security5…

Last fall, a security vulnerability affecting Spring Data REST was discovered. We patched the affected modules and published a CVE. We've seen some recent news about this that's led to confusion. Here's the scoop:

tl;dr:

• There was a security vulnerability allowing arbitrary code execution in Spring Data REST up to version 2.6.8 and 3.0.0.
• This vulnerability has been fixed in the following versions:

-- Spring Data REST 2.6.9 (Ingalls SR9, Oct. 27th, 2017), included in Spring Boot 1.5.9 (Oct, 28th 2017). -- Spring Data REST 3.0.1 (Kay SR1, Oct. 27th 2017), included in Spring Boot 2.0 M6, (Nov…

The Spring Security SAML project has been an integral part of the Spring ecosystem since its inception nearly 9 years ago. This critically important project was born through the incredible effort and contributions of Vladimír Schäfer. I’d like to take the time to personally thank Vladimír and our fantastic community for their tireless work. Without all of their efforts, this project would not be what it is today.

Vladimír, our amazing community, and the Spring engineering team are planning to team up to enhance Spring Security SAML to achieve the following primary goals:

• Ensuring all dependencies are up to date

• Ensure all Spring Security APIs do not expose any dependency APIs

• Graduate Spring Security SAML from an extension into Spring Security proper

…

Hi Spring fans and welcome to another installment of This Week in Spring! As I write this it's early morning Tuesday in Sydney, Australia, where I've been visiting with some of Pivotal's amazing customers, and I'm now preparing for my flight to Dubai, in six short hours, where I'll visit some more of Pivotal's amazing customers. Later this week I'll be in Bangalore, India, for the amazing Agile India conference, and then - early next week on Tuesday - I'll be in Boston, MA for the first SpringOne Tour event. If you're around don't hesitate to say hi, as usual!

This week we've got a lot of…

On behalf of the community, I am pleased to announce that the Milestone 8 (M8) of the Spring Cloud Finchley Release Train is available today. The release can be found in Spring Milestone repository. You can check out the Finchley release notes for more information.

Notable Changes in the Finchley Release Train

Finchley.M8 is compatible with Spring Boot 2.0.0.RELEASE.

Spring Cloud Gateway

Some bug fixes and small configuration enhancements.

Spring Cloud Bus

Fixes for custom remote events.

Spring Cloud Security

Updated to spring-security-oauth2-autoconfigure 2.0.0.RELEASE.

Spring Cloud Config

Support for Gitee…

This week, the software world found out that SAML Vulnerabilities Affecting Multiple Implementations were discovered. If you use Spring Security SAML’s defaults, you are not impacted by this vulnerability.

The underlying implementation that Spring Security SAML uses is Shibboleth’s OpenSAML Java library. The OpenSAML Java implementation was not listed in the libraries that contain the vulnerability (Shibboleth openSAML C++ was vulnerable). However, if the ParserPool has been customized, you may be impacted.

NOT Safe Configurations

Specifically, if the application explicitly sets the BasicParserPool or the StaticBasicParserPool to have ignoreComments = false, it is vulnerable to the…

On behalf of the team, it is my very great pleasure to announce that Spring Boot 2.0 is now generally available as 2.0.0.RELEASE from repo.spring.io and Maven Central!

This release is the culmination of 17 months work and over 6800 commits by 215 different individuals. A massive thank you to everyone that has contributed, and to all the early adopters that have been providing vital feedback on the milestones.

This is the first major revision of Spring Boot since 1.0 was released almost 4 years ago. It's also the first GA version of Spring Boot that provides support for Spring Framework 5.0.

…