Dear Spring community,

It's my pleasure to announce that Spring Framework 4.0.3 is available. This is the first release of the framework after Java 8's launch last week; it is built with OpenJDK 8 GA now and includes the latest ASM 5.0.1 (with bytecode support at the JDK 8 GA level as well, superseding the custom ASM 4.2 fork that we were previously using).

http://projects.spring.io/spring-framework/

Spring Framework 4.0.3 also comes with significant enhancements in the WebSocket space, with a lot of real-life feedback incorporated back into the framework and its configuration options. It's…

Dear Spring Community,

I am pleased to announce the release of Spring Data Redis 1.2.1! This maintenance release contains some bugfixes in RedisTemplate as well as in RedisCacheManager.

As always this version is tested against Java 6, 7 and 8, for compatibility with Redis 2.6 and 2.8 as well as Spring Framework 4.0.3. You can run this Jira Query for a complete list of changes.

We look forward to your feedback on the forum or in the issue tracker.

Cheers, your Spring Data Team!

Spring Security 3.2.3 has been released and is now available from Maven Central. This release brings a number of bug fixes including:

• A fix to Java Configuration to work with Spring Boot. See SEC-2531
• A fix to Java Configuration that when CSRF protection is disabled allows remembering the last page prior to authenticating when it is a POST to work with JSF. See SEC-2498

You can find additional details within the changelog .

Spring Boot 1.0.0.RC5 has been released and is available in the repo.spring.io repository. This is mainly a bug fix release, although a couple of new features have been added:

• A new @IntegrationTest annotation has been added to help when writing integration tests for Spring Boot.
• The CRaSH shell now exposes an endpoint command that can be used to obtain actuator information.

We now also have a fairly comprehensive reference manual.

This is the last planned release candidate, so please give it a try and report any bugs. We plan to release GA very soon.

I'm pleased to announce the first milestone release of Spring Test MVC HtmlUnit.

The project’s aim is to provide integration between Spring MVC Test and HtmlUnit. This simplifies performing end to end testing when using HTML based views.

Stay tuned to the Spring Blog for a mini blog series introducing this exciting new library. If you can't wait to get your feet wet, refer to the project's Getting Started section on GitHub.

On behalf of Michael Nitschinger, I'm happy to announce the 1.0 GA release of the Couchbase Spring Data module.

Between the last release candidate and the final release, several bugs have been fixed and new features have been added. Notable additions are the support for custom converters, JSR-303 Validation support and built-in support for temporal objects like Dates, Calendars and similar JodaTime variants.

The release artifacts are available via Maven Central. You can find the reference documentation, JavaDoc and a change log at the usual expected places.

From now on, the Couchbase module will be part of the official Spring Data release trains, starting with Dijkstra. Now that the first GA release is out of the door, we will put…

I am happy to announce the first service release of the Spring Data release train named Codd. The full list of participating modules looks as follows:

• Spring Data Build 1.3.1 - Changelog
• Spring Data Commons 1.7.1 - Artifacts - JavaDoc - Documentation - Changelog
• Spring Data JPA 1.5.1 - Artifacts - JavaDoc - Documentation - Changelog
• Spring Data MongoDB 1.4.1 - Artifacts - JavaDoc - Documentation - Changelog
• Spring Data Neo4j 3.0.1 - Artifacts - JavaDoc - Documentation - Changelog
• Spring Data Solr 1.1.1 - Artifacts - JavaDoc - Documentation - Changelog
• Spring Data REST 2.0.1 - Artifacts - JavaDoc - Documentation - Changelog
…

Spring Security 3.2.2 (change log) and 3.1.6 (change log) have been released and are available in Maven Central.

Among the highlights, these two releases resolve CVE-2014-0097 which allows a malicious user to impersonate a user with an empty password if ALL of the following hold true:

• The application is using ActiveDirectoryLdapAuthenticator
• The directory allows anonymous binds (not recommended)

NOTE: This does NOT impact users of LdapAuthenticationProvider or <ldap-authentication-provider>

For full details on the releases, please refer to the previously mentioned change logs.

Dear Spring Community,

I'm happy to announce the availability of Spring Social 1.1.0.RC1 as well as Spring Social Facebook 1.1.0.RC1, and Spring Social Twitter 1.1.0.RC1. These release candidates are the first step toward a GA release coming soon. They include several improvements, bug fixes, and a few new features, including:

• New Thymeleaf 3 and 4 dialects to match Spring Social's JSP tag library.
• A generic connection factory for quick configuration of an API for which there is no formal connection factory support. Provides a RestOperations as the API binding.
• Optimized use of RestTemplate in API bindings when using Spring 3.2+.
• A new streamlined and more flexible Java configuration option.
• SecurityConfigurerAdapter for enabling provider-based authentication with Spring Security's Java configuration.
• A pluggable session-abstraction.
• Support for Facebook's built-in OpenGraph actions in the API binding.
• …