There was heavy activity in the Spring ecosystem during the week of August 19, 2024, with highlights including: point and milestone releases for Spring Boot, Spring Data, Spring Cloud, Spring Security, Spring Authorization Server, Spring Session, Spring for Apache Kafka, and Spring for Apache Pulsar.
spring shoes
The second major release of Spring Boot 3.4.0 brings bug fixes, documentation improvements, dependency upgrades, and several new features such as: an update to the @ConditionalOnSingleCandidate annotation to handle fallbacks when there is only one regular item; and configuration of the SimpleAsyncTaskScheduler class when virtual threads are enabled. More details about this release can be found in the release notes.
Spring Boot versions 3.3.3 and 3.2.9 have been released to address CVE-2024-38807, a signature forgery vulnerability in the Spring Boot loader. Applications that use the spring-boot-loader or spring-boot-loader-classic APIs contain custom code that verifies the signature of nested JAR files, and may be vulnerable to signature forgery where content that appears to be signed by one signer is, in fact, signed by another. Developers using earlier versions of Spring Boot should upgrade to versions 3.1.13, 3.0.16, and 2.7.21.
Spring Data
Spring Data releases 2024.0.3 and 2023.1.9, both service releases, feature bug fixes and dependency upgrades for subprojects such as: Spring Data Commons 3.3.3 and 3.2.9; Spring Data MongoDB 4.3.3 and 4.2.9; Spring Data Elasticsearch 5.3.3 and 5.2.9; and Spring Data Neo4j 7.3.3 and 7.2.9. These releases can be used by Spring Boot 3.3.3 and 3.2.9, respectively.
Spring cloud
The first significant release of Spring Cloud 2024.0.0, codenamed Mooregate, includes bug fixes and notable updates to the subprojects: Spring Cloud Kubernetes 3.2.0-M1; Spring Cloud Function 4.2.0-M1; Spring Cloud OpenFeign 4.2.0-M1; Spring Cloud Stream 4.2.0-M1; and Spring Cloud Gateway 4.2.0-M1. This release provides compatibility with Spring Boot 3.4.0-M1. More details about this release can be found in the release notes.
Spring Security
The second major release of Spring Security 6.4.0 brings bug fixes, dependency upgrades, and new features such as: improved support for @AuthenticationPrincipal and @CurrentSecurityContext annotations for better method security compatibility; preservation of the custom user type in the InMemoryUserDetailsManager class for improved usability in the loadUserByUsername() method; and the addition of a constructor in the AuthorizationDeniedException class to provide a default value for the AuthorizationResult interface. More details about this release can be found in the release notes and the What's New page.
Similarly, Spring Security versions 6.3.2, 6.2.6, and 5.8.14 have also been released, which provide bug fixes, dependency upgrades, and a new feature that implements support for multiple URLs in the ActiveDirectoryLdapAuthenticationProvider class. More details about these releases can be found in the release notes for 6.3.2, 6.2.6, and 5.8.14.
Spring Delegation Server
Spring Authorization Server versions 1.4.0-M1, 1.3.2, and 1.2.6 have been released, bringing bug fixes, dependency upgrades, and new features such as: a new authenticationDetailsSource() method added to the OAuth2TokenRevocationEndpointFilter class, which is used to build authentication details from an instance of the Jakarta Servlet HttpServletRequest interface; and allows customizing an instance of the Spring Security LogoutHandler interface in the OidcLogoutEndpointFilter class. More details about these releases can be found in the release notes for version 1.4.0-M1, version 1.3.2, and version 1.2.6.
Spring session
The second major release of Spring Session 3.4.0-M2 brings several dependency upgrades and a new RedisSessionExpirationStore interface so that it is now possible to customize the expiration policy on an instance of the RedisIndexedSessionRepository.RedisSession class. More details about this release can be found in the release notes and the What's New page.
Similarly, Spring Session 3.3.2 and 3.2.5 come with dependency upgrades and a fix for an issue where an instance of the AbstractSessionWebSocketMessageBrokerConfigurer class would trigger an excited instance of the SessionRepository interface due to an unstable declaration of the Spring Framework ApplicationListener interface. More details about this release can be found in the 3.3.2 and 3.2.5 release notes.
spring model
Spring Modulith versions 1.3 M2, 1.2.3, and 1.1.8 have been released, bringing bug fixes, dependency upgrades, and new features such as: improved event-based publication completion and target ID to allow databases to optimize their query plan; and a redesigned EventPublication interface that renames the isPublicationCompleted() method to isCompleted(). More details about these releases can be found in the release notes for version 1.3.0-M2, version 1.2.3, and version 1.1.8.
Spring Artificial Intelligence
The second major release of Spring AI 1.0.0 brings bug fixes, documentation improvements, and new features such as: improved monitoring functionality for the ChatClient interface, chat models, embed models, image generation models, and vector stores; a new MarkdownDocumentReader for ETL pipelines; and a new ChatMemory interface powered by Cassandra.
Spring for Apache Kafka
Spring for Apache Kafka versions 3.3.0-M2, 3.2.3, and 3.1.8 have been released with bug fixes, dependency upgrades, and new features such as: support for Apache Kafka 3.8.0; and improved error handling when retrying fault tolerance. These releases will be included in Spring Boot 3.4.0-M2, 3.3.3, and 3.2.9, respectively. More details about this release can be found in the release notes for 3.3.0-M2, 3.2.3, and 3.1.8.
Spring for Apache Pulsar
The first significant release of Spring for Apache Pulsar 1.2.0-M1 includes documentation improvements, dependency upgrades, and new features: the ability to configure a default topic and namespace; and the ability to use a custom Jackson ObjectMapper instance for JSON schemas. This release will be included in Spring Boot 3.4.0-M2. More details about this release can be found in the release notes.
Similarly, Spring for Apache Pulsar versions 1.1.3 and 1.0.9 have been released with dependency upgrades and will be included in Spring Boot 3.3.3 and 3.2.9 respectively. More details about these releases can be found in the release notes for 1.1.3 and 1.0.9.
