This blog gives an update on the Schema Registry support that is part of Spring Cloud Stream version 4.0.x.

Many enterprises use a schema registry for schema evolution use cases, such as the Confluent Schema Registry. Starting with version 1.1.x of Spring Cloud Stream until 3.0.0, we provided a schema registry server and AVRO-based schema registry client converters that can reconcile the schema from the schema registry server. Spring Cloud Stream version 3.0.0 moved the Schema Registry components into a top-level spring-cloud project, and Spring Cloud Stream included those in its BOM for the…

Hi, Spring fans! In this episode, Josh Long (@starbuxman) talks to RabbitMQ engineer Arnaud Cogoluègnes (@acogoluegnes) on the new and novel in RabbitMQ

Hi, Spring fans! Welcome to another installment of This Week in Spring! I've been busy this last week! I've been visiting with customers and talking to the community here in South East Asia. I was in Malaysia last week, and now I'm in Bangkok, Thailand. I'm near the end of my time here in SE Asia, which makes me sad. I'm dearly going to miss the food and the weather, but time waits for no person, and it's almost time to go home.

And with time comes a jam-packed roster of new things we can read and learn from. So, without further ado, let's dive right into it!

• A Bootiful Podcast: Java Champion, legend, and prolific open source contributor Andres Almiray
• CVE Report Published for Spring Tools
• Can a Java Application Use More Memory than the Heap Size?
• JUnit – Testing Methods That Call System.exit()
• Spring Authorization Server 0.4.0-RC1 available now
• Spring Authorization Server 1.0.0-RC1 available now
• Spring Data 2022.0.0-RC2 available
• Spring Modulith 0.1 M2 released
• Have you tested your application against the upcoming Spring Boot 3? There's a ton of amazing new features arriving in this release and you should definitely be kicking the tires now. Remember: Spring Framework 6 is due in about a week's time and Spring Boot 3 is due less than a few weeks after that! And you know where to go: …

We have released STS 4.16.1 for Eclipse and Spring VSCode extensions 1.40.0 to address the following CVE report:

• CVE-2022-31691: Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode

Please review the information in the CVE report and upgrade immediately.

Eclipse: STS upgrade to 4.16.1 VSCode: Spring Boot Tools upgrade to 1.40.0 VSCode: Concourse CI Pipeline Editor upgrade to 1.40.0 VSCode: Bosh Editor upgrade to 1.40.0 VSCode: Cloudfoundry Manifest YML Support upgrade to 1.40.0

See Spring Tools page to find the latest releases

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Java Champion, legend, and prolific opensource contributor Andres Almiray (@aalmiray)

Hi, Spring fans! Welcome to another installment of This Week in Spring! How're you doin'? I hope you're doing well and had a great Halloween if you celebrate. I'm doing great. I'm in sunny Kuala Lumpur, Malaysia, eating delicious food and hanging out with amazing people. Tomorrow, I'm off to Penang, Malaysia, for a little tourism before I get back to a more code-driven kinda fun: I'll be doing a developer event looking at the latest-and-greatest from Spring Boot 3 here in Kuala Lumpur on the 11th of November - ten short days from now! - so please join me!

Also, I just joined Mastodon - a decentralized and open-source Twitter; I'm not leaving Twitter, of course, but I would love to make new friends and grow the community there: @[email protected]…

Spring Security 5.6.9 and 5.7.5 released on October 31st, 2022 included a fix for CVE-2022-31690 affecting the mapping of authorized scopes in spring-security-oauth2-client. Users are encouraged to update as soon as possible.

Impact

Users who have applied the mitigation should take note of the following impact:

No authorized scopes are mapped to the principal (current user) when the Authorization Server (AS) responds to the OAuth2 Access Token Response with an empty or missing scope parameter.

If you are affected by this vulnerability, users will not be granted any authorities beginning with SCOPE_ when the AS does not return scopes. Only the special authority ROLE_USER…

Spring Security 5.6.9 and 5.7.5 released on October 31st, 2022 included a fix for CVE-2022-31692 affecting the AuthorizationFilter. Users are encouraged to update as soon as possible.

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talks to Spring mad scientist Andy Clement (@andy_clement) about the new native support in Spring Boot 3, SpringOne 2022, and Azure Spring Apps, among other things