There was a flurry of activity in the Spring ecosystem during the week of May 20th, 2024, highlighting the GA releases of Spring Boot 3.3.0, Spring Security 6.3.0, Spring Session 3.3.0 and Spring Integration 1.3.0.
Spring Boot
The release of Spring Boot 3.3.0 delivers dependency upgrades and new features such as: improved startup times and reduced memory consumption by adding support for Class Data Sharing (CDS); virtual thread support for web sockets; and security improvements, for example, auto-configuration for the Spring Security JwtAuthenticationConverter class. More details on this release may be found in the release notes.
Versions 3.2.6 and 3.1.12 of Spring Boot have also been released, featuring improvements in documentation, dependency upgrades and resolutions to issues such as: crashes with the SpringBootMockMvcBuilderCustomizer class while collecting data that it would have normally discarded; an IllegalArgumentException upon executing an Uber JAR on a shared drive; and properties, namely the valueOf(String) method defined in the ServiceLevelObjectiveBoundary class, could not be bound to a native application as the method wasn't registered for reflection. Further details on these releases may be found in the release notes for version 3.2.6 and version 3.1.12.
Spring Framework
The third milestone release of Spring Framework 6.2.0 delivers bug fixes and new features such as: new methods, getRequest() and getResponse(), defined in the MvcTestResult interface to offer a more straightforward way to get the request and response; and support for content negotiation and view rendering in the ResponseEntityExceptionHandler class. More details on this release may be found in the release notes.
Similarly, versions 6.1.8, 6.0.21 and 5.3.36 of Spring Framework have been released featuring bug fixes, improvements in documentation and new features: avoid creation of a Java SAXParserFactory instance for every read operation in Jaxb2Marshaller class as doing so can often result in code that goes off to look for resource files, which often are not there; and suppress the deprecation warning for AOT-generated code that refers to a deprecated bean type. Versions 6.1.8 and 6.0.21 will be included in Spring Boot 3.2.6 and 3.1.12, respectively. Further details on these releases may be found in the release notes for version 6.1.8, version 6.0.21 and version 5.3.36.
Spring Cloud Data Flow
The release of Spring Cloud Data Flow 2.11.3 primarily addresses CVE-2023-51074, a vulnerability in Jayway JsonPath 2.8.0 where it was discovered to contain a stack overflow via the parse() method defined in the Criteria class. Other notable changes include: performance improvements for job executions by creating indices on batch tables; and a re-enabling of the SimpleJobServicePostgresTests class after it was discovered that the default version of PostgreSQL is 14. More details on this release may be found in the release notes.
Spring Security
The release of Spring Security 6.3.0 delivers bug fixes, dependency upgrades and new security features such as: a new CompromisedPasswordChecker interface to check if a password a user is choosing has been compromised; support for the OAuth 2.0 Token Exchange grant that may be activated by adding an instance of TokenExchangeOAuth2AuthorizedClientProvider class to an implementation of the OAuth2AuthorizedClientManager interface; and support for annotation parameters in Spring Security annotations. Further details on this release may be found in the release notes and what's new page.
Spring Authorization Server
The release of Spring Authorization Server 1.3.0 ships with dependency upgrades and new features such as: support for the aforementioned OAuth 2.0 Token Exchange grant; support for multi-tenancy using the path component for the issuer; and enable a five-minute refresh of the Nimbus JOSE + JWT JwkSet class in the X509SelfSignedCertificateVerifier class for use cases where the certificate is rotated on the client side. More details on this release may be found in the release notes.
Spring for GraphQL
The release of Spring for GraphQL 1.3.0 provides bug fixes, dependency upgrades and new features such as: support for accepting interceptors in the WebSocketGraphQlTester interface to complement that functionality in the WebSocketGraphQlClient interface; and enable the use of the Kotlin Flow interface to handle return values from annotated controller methods such as @SchemaMapping, @BatchMapping and @GraphQlExceptionHandler. Further details on this release may be found in the release notes.
Spring Session
The release of Spring Session 3.3.0 ships with bug fixes, dependency upgrades and new features such as: a new ReactiveRedisIndexedSessionRepository class to support the Redis Indexed Web Session; and a new SpringSessionBackedReactiveSessionRegistry class that implements the Spring Security ReactiveSessionRegistry interface to support its reactive concurrent session control. More details on this release may be found in the release notes.
Similarly, versions 3.2.3 and 3.1.6 of Spring Session have been released featuring many dependency upgrades and improvements in documentation that include: cautioning the use of the RedisIndexedSessionRepository class in the Redis Cluster due to memory leaks in the index causing a slowdown in performance; and JSON serialization in JDBC. Further details on these releases may be found in the release notes for version 3.2.3 and version 3.1.6.
Spring Integration
Versions 6.3.0, 6.2.5 and 6.1.9 of Spring Integration have been released ships with bug fixes, improvements in documentation, dependency upgrades and a new feature to only renew the connection to the PostgresChannelMessageTableSubscriber class when it has been invalidated. More details on these releases may be found in the release notes for version 6.3.0, version 6.2.5 and version 6.1.9.
Spring Modulith
Versions 1.2.0, 1.1.5, and 1.0.8 of Spring Modulith have been released featuring bug fixes, improvements in documentation, dependency upgrades and notable improvements such as: expose the of() method defined in the ApplicationRuntime interface to create an instance of the SpringBootApplicationRuntime class as that's often needed in integration tests for runtime and observability components; and enabling trace context propagation by registering customizers for both the SimpleAsyncTaskExecutor class (used for virtual threads) and the ThreadPoolTaskExecutor class to register an instance of the ContextPropagatingTaskDecorator class. Further details on these releases may be found in the release notes for version 1.2.0, version 1.1.5 and version 1.0.8.
Spring Batch
Versions 5.1.2 and 5.0.6 of Spring Batch have been released to deliver bug fixes, improvements in documentation, dependency upgrades and an improvement where a more detailed error message has been added to the addString() method defined in the JobParametersBuilder class providing information about when parameter may be null. More details on these releases may be found in the release notes version 5.1.2 and version 5.0.6.
Spring AMQP
Versions 3.1.5 and 3.0.14 of Spring AMQP have been released featuring dependency upgrades and mitigation of a channel leak in the CachingConnectionFactory class when a connection is closed from the broker. Further details on these releases may be found in the release notes for version 3.1.5 and version 3.0.14.
Spring for Apache Kafka
Versions 3.2.0, 3.1.5 and 3.0.17 of Spring for Apache Kafka have been released providing bug fixes, improvements in documentation, dependency upgrades and an implementation of the handleOne() method, declared in the CommonErrorHandler interface, in the CommonDelegatingErrorHandler class. More details on these releases may be found in the release notes for version 3.2.0, version 3.1.5 and version 3.0.17.
Spring for Apache Pulsar
The release of Spring for Apache Pulsar 1.1.0 ships with improvements in documentation, dependency upgrades and notable changes such as: new tests for the org.springframework.pulsar.transaction package; and a migration from the deprecated Gradle Enterprise to the Gradle Develocity plugin. Further details on this release may be found in the release notes.
Similarly, the release of Spring for Apache Pulsar 1.0.6 provides improvements in documentation, dependency upgrades and an update to SSL certifications for integration tests. More details on this release may be found in the release notes.
This Week in Spring
Further details about these and other Spring ecosystem activities may be found in the May 21, 2024 edition of This Week in Spring by Josh Long, spring developer advocate at Broadcom.