Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this episode, Josh Long (@starbuxman) talks to Kubernetes cofounder, all-around nice person, and vice president of R&D at VMware, Craig McLuckie (@cmcluck).

Updates

• [04-13] "Data Binding Rules Vulnerability CVE-2022-22968" follow-up blog post published, related to the "disallowedFields" from the Suggested Workarounds
• [04-08] Snyk announces an additional attack vector for Glassfish and Payara. See also related Payara, upcoming release announcement
• [04-04] Updated Am I Impacted with improved description for deployment requirements
• [04-01] Updated Am I Impacted with additional notes
• [04-01] Updated Suggested Workarounds section for Apache Tomcat upgrades and Java 8 downgrades
• [04-01] "Mitigation Alternative" follow-up blog post published, announcing Apache Tomcat releases versions 10.0.20, 9.0.62, and 8.5.78…

Hi, Spring fans! In this installment we dare to be boring with YugabyteDB, a distributed database that just works. It's a database that feels like PostgreSQL but scales like Apache Cassandra.

NOTE: Hi, Spring fans! This is a guest post from Sean Li, our friend at Microsoft

I am pleased to announce that Spring Cloud Azure 4.0 is now generally available. With this major release we aim to bring better security, leaner dependencies, support for production readiness and more. Version 4 represents a significant milestone in our product roadmap that we couldn’t have delivered without the collective wisdom of the Spring community and customer feedback. On behalf of the Spring on Azure product team, thank you for making this happen!

Unified Development Experience

At the Developer Division…

We have released Spring Cloud Function 3.1.7 & 3.2.3 to address the following CVE report.

• CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression

Please review the information in the CVE report and upgrade immediately.

Aloha, Spring fans, from beautiful Maui, Hawaii, where I am with my family on a bit of vacation. It's our daughter's Spring break and so we're enjoying the family time while we can get it! I wanted to take a brief interlude in between the never-enough time on the beach and all the rum to get this week's installment out for y'all, so let's dive right into it!

• A Bootiful Podcast: Event streaming guru Jan Svoboda on Apache Kafka Design Patterns
• An update on Java 17 adoption
• Build To Manage: Proper Exception Handling Makes Your Applications Easier to Build and Manage
• CVE report published for Spring Framework
• Getting Started with Spring WebFlux
• Initial AOT support in Spring Framework 6.0.0-M3
• Java 18 is out! Get the bits while they're hot! Or at least get Java 17. Wouldn't want to be two major versions behind, would ya?
• Java Records tortured with Lombok yet again (builder edition)
• Want an industrial grade Kubernetes distribution? Check out this blog on …

As a follow-up to my blog post from last year's SpringOne, it is time for an update on our Java 17+ baseline efforts!

We established the new baseline on our main branches, with a few milestones out already. The feedback has been very positive, not only in terms of framework improvements but also in terms of the motivation for a Java upgrade at the application level. Of course, it does not end with JDK 17 LTS: JDK 18 is an immediate option already, JDK 19 will be the current release when we go final later this year, with JDK 20 to be in early access by then - and JDK 21 LTS on the horizon…

We have released Spring Framework 5.3.17 and Spring Framework 5.2.20 to address the following CVE report.

• CVE-2022-22950: Spring Expression DoS Vulnerability

Please review the information in the CVE report and upgrade immediately.

Spring Boot users should upgrade to 2.5.11 or 2.6.5.

Hi, Spring fans! In this installment Josh Long (@starbuxman) talks to event streaming guru at Confluent, the company behind Apache Kafka, Jan Svoboda about Apache Kafka design patterns.

• Kafka summit in London Europe end of April 2022 Kafka Summit London 2022 | April 25-26 | London, UK
• the Confluent Developer Education Portal: Your Apache Kafka® Journey begins here
• check out the upcoming Kafka Summit London event April 25-26, 2022