There was a flurry of activity in the Spring ecosystem during the week of November 18th, 2024, highlighting GA releases of: Spring Boot, Spring Security, Spring Authorization Server, Spring Integration, Spring Modulith, Spring AMQP, Spring for Apache Kafka and Spring for Apache Pulsar.
Spring Boot
The release of Spring Boot 3.4.0 delivers dependency upgrades, dependency upgrades and new features such as: support for structured logging with built-in support for Elastic Common Schema, Graylog Extended Log Format and Logstash; and expanded virtual thread support that now allows the Micrometer OtlpMeterRegistry
class and the Undertow web server to use virtual threads. More details on this release may be found in the release notes.
InfoQ followed up with this detailed news story on Spring Boot 3.4 and Spring Framework 6.2 featuring Q&A with Juergen Hoeller, senior staff engineer and Spring Framework Project Lead at Broadcom, and Sébastien Deleuze, master software engineer and Spring Framework core committer at Broadcom.
Spring Cloud
Spring Cloud 2022.0.9, codenames Kilburn, has been released featuring dependency upgrades to sub-projects: Spring Cloud Contract 4.0.9, Spring Cloud Netflix 4.0.7 and Spring Cloud OpenFeign 4.0. This release is compatible with Spring Boot 3.0.18 and 3.1.14.
Spring Security
The release of Spring Security 6.4.0 provides bug fixes, dependency upgrades and new features such as: support for Passkeys and one-time tokens; and a simplified OAuth 2.0 configuration via numerous deprecations and corresponding replacements. For example, the DefaultAuthorizationCodeTokenResponseClient
class has been deprecated in favor of the RestClientAuthorizationCodeTokenResponseClient
class. Further details on this release may be found in the release notes and what's new page.
Spring Authorization Server
The release of Spring Authorization Server 1.4.0 ships with dependency upgrades and new features such as: improved support for configuring the authentication server using the with()
method defined in the Spring Security HttpSecurity
class; and the ability to customize validation and success handling of OpenID Connect 1.0 RP-Initiated logout requests via the OidcLogoutAuthenticationProvider
class. More details on this release may be found in the release notes.
Spring Integration
The release of Spring Integration 6.4.0 delivers bug fixes, dependency upgrades and new features such as: a new Control Bus interaction model implemented via the new ControlBusCommandRegistry
class; and an option added to the AmqpInboundChannelAdapter
class to override the default amqp_batchedHeaders
name. Further details on this release may be found in the release notes and what's new page.
Spring Modulith
The release of Spring Modulith 1.3.0 provides bug fixes, dependency upgrades and new features such as: the ability to nest application modules in the core abstractions; and a new ApplicationModuleSourceFactory
interface to declare root packages to "scan explicit application module base packages and optionally customize the application module detection strategy to be used for the declared root package." This new version also upgrades to Spring Boot 3.4 and Spring Framework 6.2. More details on this release may be found in the release notes and what's new page.
Spring AI
The fourth milestone release of Spring AI 1.0.0 ships with bug fixes and new features such as: support for the Amazon Bedrock Converse API that provides a unified interface for AI chat models; and improved support for the Java Function
, Supplier
and Consumer
interfaces via the FunctionCallback
builder interface to allow direct invocation of those function and method types. According to the roadmap, the Spring AI team plans a fifth milestone in December 2024 followed by one release candidate and final GA release in January 2025.
Spring AMQP
The release of Spring AMQP 3.2.0 delivers bug fixes, improvements in documentation, dependency upgrades and a new feature that requires the incrementRetryCount()
method, defined in the MessageProperties
class, to be called before re-publishing a message to the Dead Letter Exchanges (DLX) queue due to the x-death
header being no longer operational since the release of RabbitMQ 4.0. Further details on this release may be found in the release notes.
Spring for Apache Kafka
The release of Spring for Apache Kafka 3.3.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: a generics optimization that fixes the warning in the testTransactionReplicationFactor()
method, defined in the MessagingMessageListenerAdapter
class; and a default minimum value for the replication factor for the transactions topic when when using the embedded Kafka broker @EmbeddedKafka
annotation for tests. More details on this release may be found in the release notes.
Spring LDAP
Spring LDAP 2.4.4 and 3.2.8 have been released featuring a resolution to CVE-2024-38829, Spring LDAP Sensitive Data Exposure for Case-Sensitive Comparisons, a vulnerability affecting versions 3.2.0 - 3.2.7, 3.1.0 - 3.1.7, 3.0.0 - 3.0.9 and 2.4.0 - 2.4.3 where the use of the toLowerCase()
and toUpperCase()
methods, defined in the Java String
class, have some Locale
-dependent exceptions that could potentially result in unintended columns from being queried. Further details on these releases may be found in the release notes for version 3.2.8 and version 2.4.4.
Spring for Apache Pulsar
The release of Spring for Apache Pulsar 1.2.0 features many dependency upgrades, most notable of which include: Spring Framework 6.2.0, Project Reactor 2024.0.0, Micrometer Metrics 1.14.1 and Micrometer Tracing 1.4.0. More details on this release may be found in the release notes.