Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano (for VOXXED Days Ticino), and now in Geneva.

I'm super excited to be here, but all this wonderful scenery has only made it more difficult to keep up with what has been a very exciting week indeed in the community. Let's dive right into it, we have a ridiculous amount of stuff to look into!

• Spring Shell 3.1.8 and 3.2.1 are now available
• CVE-2024-22233: Spring Framework server Web DoS Vulnerability
• Spring Modulith 1.0.5, 1.1.2, and 1.2 M1 released
• Spring Boot 3.2.2 available now
• Spring Boot 3.3.0-M1 available now
• Spring Security 6.3 adds passive JDK Serialization/Deserialization for Seamless upgrades
• Spring Boot 3.1.8 available now
• A Bootiful Podcast: programming language archaeologist Ted Neward
• My friend Cora Iberkleid is a legend in all things software and so whenever she speaks, I listen. She's started posting these super handy little writeups on twitter (as handy, downloadable images you could perhaps use as reference cards?), so follow her (@ciberkleid) for more. One of her latest is on the new SSL hot reloads in Spring Boot 3.2…

The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th includes a fix for CVE-2024-22233.

The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions.

Users are encouraged to update as soon as possible.

In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes (via JDK serialization) between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation being that both the server and client should use the same version of Spring Security.

As more apps depend on persistent sessions and technologies like Spring Session, the problem with inconsistent serialization becomes a bigger deal. Persistent sessions mean saving user sessions by turning them into…

Hi, Spring fans! In this installment, I talk to programming language archaeologist Ted Neward

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it.

As always, we've got a lot to cover so let's dive right into it.

• the Spring Authorization Server 1.3.0-m1 is now available
• this is such a cool project: it lets you use the Spring Boot programming model for TestContainers - as dependencies that get spun up for you automatically - but for other Spring Boot projects, like other services. It's super common to spin up multiple JVMs to test an entire application. One such use case? Spinning up an instance of the Spring Authorization Server, or the Spring Cloud Eureka Server, or the Spring Cloud Config Server, or even just collaborating microservices.
• Spring Session 3.3.0 M1 is now available
• …

Hi, Spring fans! In this installment we're joined by two Apache luminaries Trista Pan - of Apache ShardingSphere - and Sheng Wu - of Apache Skywalking

Hi, Spring fans! In this installment, Josh Long looks at the fantastic Spring Data JDBC project, which is one of the easiest and most powerful ways to leverage JDBC in a Spring Boot application.

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediatelt than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, come out and say hi!

This year is going to be amazing!

And this week's been amazing, too. Let's dive into it.

• in last week's installment of A Bootiful Podcast, I talked to my friend and Kubernetes guru Leigh Capili
• Spring Shell 3.1.7 and 3.2.0 is now available
• Spring Boot Kafka and websockets: a practical approach to real time messaging
• Like Lombok? Me too. But some folks on the Java team will remind you that it's built on intrinsic, unsupported internal bits of the JDK and JRE and that it's doomed to failure without some major changes. Soooo... maybe it's time to start looking for more well-supported alternatives? One such thing that handles a very specific feature of Lombok is Jilt…

Hi, Spring fans! And Happy new year! In this episode I talk to Kubernetes guru Leigh Capili, who helps us ring in the new year!