Hi, Spring fans! Welcome to another installment of This Week in Spring! This week I was hoping to be in glorious Chicago, Illinois for the first in-person SpringOne Tour installment since the pandemic. But, alas, I couldn't go because - out of an abundance of caution, and since I was exposed to COVID19 in Atlanta, GA - it was thought to be safer to keep some folks home and virtual. Sigh. This policy makes perfect sense and it's what I wanted. But it's still a smidge disappointing to not be there. I miss y'all! It was fun at least doing a remote presentation.

Anyway, without further ado, let's…

We have released Spring Security OAuth 2.5.2 to address the following CVE report.

• CVE-2022-22969: Denial-of-Service (DoS) in spring-security-oauth2

This vulnerability exposes OAuth 2.0 Client applications only.

Please review the information in the CVE report and upgrade immediately.

Hi, Spring fans! Welcome to another installment of A Bootiful Podcast! In this installment Josh Long (@starbuxman) talks to Spring Cloud luminary and all around lovable guy Glenn Renfro (@cppwfs) about batch processing, tasks, messaging, integration, data flow, and a million other things. Also: t-shirts!

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's been quite the week since we last talked! I flew to Atlanta, GA, for my first in-person show since the pandemic - Devnexus 2022. I loved the experience! Hopefully, the only souvenirs I'll have are the amazing memories and not COVID. I loved to see so many smiling faces. Thanks so much for having me, Devnexus, and for running an amazing show. It was a privilege to return.

And now, without further ado, let's dive right into the roundup.

• A Bootiful Podcast: Cloud guru Tiffany Jernigan
• Jacky Chan on Twitter: "My new open source tool httpx, CLI and IDE plugins to test REST API, GraphQL, gRPC, RSocket, Kafka etc services with HTTP DSL https://t.co/jkvJG2syff JetBrains/Neovim plugins are all ready. Support by @java and @graalvm" / Twitter
• Ngrok Spring Boot Starter - Tunneling The Easy Way
• Spring Boot with Drools Engine. In this blog we would see how Spring integrates with Drools Engine. | CodeX
• Spring Data 2021.2.0-RC1, 2021.1.4, and 2021.0.11 released
• Spring Framework 5.3.19 and 5.2.21 available now
• …

Hi, Spring fans! In this installment, Josh Long (@starbuxman) talk about his first in-person conference since the pandemic descended upon us -the fabulous Devnexus 2022 show - and talks to colleague, teacher, friend, and Kubernetes legend Tiffany Jernigan (@tiffanyfayj).

Table of Contents

• Overview
• Does This Affect My Application?
• Reassessing Your Data Binding Approach

Overview

While investigating the Spring Framework RCE vulnerability CVE-2022-22965 and the suggested workaround, we realized that the disallowedFields configuration setting on WebDataBinder is not intuitive and is not clearly documented. We have fixed that but also decided to be on the safe side and announce a follow-up CVE, in order to ensure application developers are alerted and have a chance to review their configuration.

• CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability

We have released Spring Framework 5.3.19 and 5.2.21 which contain the fix. Spring Boot 2.6.7 and 2.…

This Week in Spring - Devnexus Edition

Hi, Spring fans! Welcome to another installment of This Week in Spring - I'm at my first in-person event since the virus: Devnexus! WOOHOOO!! Well, technically I'm still in San Francisco as I write this, but I'll be in Atlanta, GA tomorrow for... Devnexus! I hope if you're there that you'll reach out!

Friends, colleagues, and community members from the Spring, Tanzu, and adjoining communities will also be there! Here are some of the people I hope to nab a selfie with and whose talks I hope to see!

• Glenn Renfro
• Adib Saikali
• Joe Grandja
• Whitney Lee
• Hillmer Chona
• Jonatan Ivanov
• Josh Cummings
• Alberto C. Rios
• Simon Brown
…

Hi, Spring fans! In this installment of a Bootiful Podcast, Josh Long (@starbuxman) talks to the GraphQL Java project founder and lead, Atlassian engineer, and Spring GraphQL cofounder Andi Marek (@andimarek).

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm back home from the Hawaiin islands. It's so good to be home.

First thing's first: there's a security vulnerability. We've already released guidance on how to mitigate as well as new releases of Spring Framework and Spring Boot that include the mitigation by deault. See the links below for more.

• Spring Framework RCE, Early Announcement
• Spring Framework RCE, Mitigation Alternative
• CVE report published for Spring Cloud Function

Now, back to your regularly scheduled installment of This Week in Spring:

• A Bootiful Podcast: Kubernetes cofounder and vice president of R&D at VMware, Craig McLuckie
• Blog: Is Your Cluster Ready for v1.24?
…