A Bootiful Podcast: Vaadin's Marcus Hellberg on rich UIs, Spring Boot 3, GraalVM native images, and more

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Vaadins Marcus Hellberg @marcushellberg about rich UIs, Vaadin Flow, the new Hilla Framework, GraalVM native image compilation, and so much more...

A Bootiful Podcast: the good Dr. Venkat Subramaniam

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to the good Dr. Venkat Subramaniam @venkats about the art of writing software, his latest projects, and more...

A Bootiful Podcast: Observability guru Jonatan Ivanov on the future of observability in Spring Boot

Hi, Spring fans! In this installment, Josh Long @starbuxman talks to Spring observability guru Jonatan Ivanov @jonatanivanov...

This Week in Spring - August 1st, 2022

Aloha, Spring fans! Welcome to another installment of This Week in Spring! Im still on vacation on the beautiful island of Maui, Hawaii, but I wanted to say hello "aloha!" and share this weeks latest roundup of all thats good and glorious in the wide and wonderful world of Springdom. Funny thing,...

A Bootiful Podcast: Kubernetes cofounder and vice president of R&D at VMware, Craig McLuckie

Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! In this episode, Josh Long @starbuxman talks to Kubernetes cofounder, all-around nice person, and vice president of R&D at VMware, Craig McLuckie @cmcluck...

A Bootiful Podcast: DaShaun Carter on patching, Spring Boot 4.1, and security in the world of AI

Hi Spring fans! In this installment I have the privilege to sit down with my friend DaShaun Carter to talk about patching, Spring Boot 4.1, and security in the world of AI...

This Week in Spring - June 9th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! Tons of releases coming out today and this week! So make sure you're pulling in the latest posts, as often as possible! Spring LDAP 2026.06 Releases - Contains CVE Fix Spring Framework 7.0.8 and 6.2.19 Available Now Spring...

CVE-2026-41008: Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi , which can lead to an Open Redirect...

Spring Office Hours Podcast: S5E15 - Upgrading Spring and OSS Security

Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this episode, Dan and DaShaun tackle two challenges every Spring developer faces: keeping applications up to date and staying ahead of security vulnerabilities in open source dependencies. They explore how AI...

Cassandra SSL auto-configuration disables TLS hostname verification

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra...

Denial of service in static resource handling on Windows platforms

Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: When all the conditions above are met, the attacker can send malicious requests that are slow to resol...

A Bootiful Podcast: Glenn Renfro on Java and Spring community legend and my friend - on Devnexus and more

Hi, Spring fans! In this installment I talk to the amazing Glenn Renfro about Spring Batch, Spring Integration, Spring AI, and much more — plus why you should definitely register to attend the amazing Devnexus event in Atlanta, GA!...

Spring AI Agentic Patterns (Part 4): Subagent Orchestration

Instead of one generalist agent doing everything, delegate to specialized agents. This keeps context windows focused—preventing the clutter that degrades performance. Task tool, part of the spring-ai-agent-utils toolkit, is a portable, model-agnostic Spring AI implementation inspired by Claude...

Multi-Factor Authentication in Spring Security 7

In 2013, it was proposed to add multi-factor authentication into Spring Security. That was the year that “selfie” was added to the English dictionary and “What Does the Fox Say?” was a viral YouTube hit. Needless to say, one of the biggest features in Spring Security 7 is a long time coming, and ...

This Week in Spring - August 12th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's August 5th! Which means we're only a few short weeks away until SpringOne 2025! Have you registered? There's so much to cover this week, so let's dive right into it! I love Spring Modulith and I love JetBrains IntelliJ...

Authentication Leak On Redirect With Reactor Netty HTTP Client

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects...

RFD Attack via “Content-Disposition” Header Sourced from Request

In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an...

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies...

A Bootiful Podcast: Spring IO founder Sergi Almar on Spring IO 2025

Hi, Spring and Spring I/O fans! In this installment we have the privilege of chatting with friend of the community and legend Sergi Almar about the amazing Spring IO 2025, where this episode was published, and a lot more...

Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: In that case, the target method may be able to be invoked without proper authorization. You...

Spring gRPC Promoted!

It's a few months since we had a blog about Spring gRPC that wasn't just a release announcement. This one marks the first release since the project was promoted from experimental to a full member of the Spring Portfolio. This doesn't change the way you consume the project, but it has some...

Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You are not affected if any of the following is true:...

A Bootiful Podcast: 'Mr. Apache' Jeff Genender

Hi, Spring fans! In this episode I'm joined by well-known member of the Java community Jeff Genender, whose contributions to Apache over the decades have driven several key projects with which you're no doubt familiar...

Using Spring AI 1.0.0-SNAPSHOT: Part 2 - Important Changes and Updates

Using Spring AI 1.0.0-SNAPSHOT: Part 2 - Important Changes and Updates This blog post is a continuation of our previous article Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates, where we introduced the significant changes to artifact IDs, dependency management, and autoconfiguration ...

A Bootiful Podcast: AWS Developer Advocate and industry legend James Ward

Hi, Spring fans! In this installment I talk to AWS Developer Advocate and industry legend James Ward about AWS Bedrock, Amazon Cohere, Spring AI, MCP, and so much more!...

Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates

Using Spring AI 1.0.0-SNAPSHOT: Important Changes and Updates Spring AI 1.0.0-SNAPSHOT introduces several important changes to artifact IDs, dependency management, and autoconfiguration. This blog post outlines these changes and provides guidance on how to update your projects. The most significa...

This Week in Sprng - March 11th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's a busy week as always, fresh off the rush that was Devnexus and busily preparing for the fun that is JavaOne! It's going to be epic! want to learn about dependency injection, auto-configuration, Spring Framework, Spring...

A Bootiful Podcast: Apache Causeway’s Dan Haywood

Hi, Spring fans! In this installment I talk to the legendary Dan Haywood, contributor to the Apache Causeway project...

Audio Multimodality: Expanding AI Interaction with Spring AI and OpenAI

This blog post is co-authored by our great contributor Thomas Vitale. OpenAI provides specialized models for speech-to-text and text-to-speech conversion, recognized for their performance and cost-efficiency. Spring AI integrates these capabilities via Voice-to-Text and Text-to-Speech TTS. The ne...

This Week in Spring - November 5th, 2024

This Week in Spring - November 5th, 2024 Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 5th of November, 2024, and, um, I - an American - am desperately trying to keep calm and carry on. I did everything I can do VOTE!, and so it's with considerable enthusiasm th...

This Week in Spring - October 1st, 2024

Hi, Spring fans! it's the first of October! We're officially in the fourth quarter of 2024! Time's moving too quickly. Way too quickly. But as always, there's awesome stuff afoot, so let's dive right in! Spring Framework lead Juergen Hoeller looks at the road ahead, to Spring Framework 6.2 and...

This Week in Spring - September 10th, 2024

Hi, Spring fans! Or, I suppose: 안녕하세요, Spring 팬 여러분! I'm writing this from a café in scintillating Seoul, Korea. It's amazing. I've been talking to developers of all stripes who are using and building upon Spring to do all sorts of cool stuff. And tomorrow, it's off to jolly Japan. I'll be...

A Bootiful Podcast: Vaadin developer advocacy legend Marcus Hellberg

Hi, Spring fans! In this installment, I talk to Vaadin developer advocacy legend Marcus Hellberg about the lates-and-greatest in the wide and wonderful world of Spring...

This Week in Spring - July 23rd, 2024

Hi, Spring fans! It's such an exciting time to be alive! I hope you're doing well. It's nearly the end of July, already! Time is flying and as always the community has not disappointed with their incredible content. Let's dive right into it! have you registered for SpringOne 2024 yet? I love this...

A Bootiful Podcast: Digital Accessibility Architect, Java and Groovy legend, Scott Davis

Hi, Spring fans! In this episode I talk to Java ecosystem legend Scott Davis...

Spring Tips: Proxies

Hi, Spring fans! In this installment we look at the use of JDK and CGLIB-based proxies in Spring, and demystify their application Java SpringBoot SpringFramework Architecture DesignPatterns oop...

This Week in Spring - July 9th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's been! We've got a lot to get into, so let's dive right in. I quite liked this talk, Continuations: The magic behind virtual threads in Java by Balkrishna Rawool @ Spring I/O 2024 In last week's episode of...

Spring AI - Groq AI inference

Faster information processing not only inform—it transforms how we perceive and innovate. Spring AI, a powerful framework for integrating AI capabilities into Spring applications, now offers support for Groq - a blazingly fast AI inference engine with supports for Tool/Function calling. Because...

A Bootiful Podcast: Abdel Sghiouar, Cloud Native Developer Advocate at Google

Hi, Spring fans! Abdel Sghiouar is a senior Cloud Native Developer Advocate at Google, a co-host of the Kubernetes Podcast by Google and a CNCF Ambassador, and it was my pleasure to sit down with him at the amazing Spring IO event in Barcelona and catch up on all things Kubernetes and Google...

A Bootiful Podcast: Stuart Marks (aka ”Dr. Deprecator”) on Java, its amazing features, and more

Hi, Spring fans! Happy one-day-belated Java 22 release day to those who celebrate! To ring in the new release, we've got an extra special and incredible discussion with a Java legend - somebody who's been involved in the Java community and work for decades - Stuart Marks, or "Dr. Deprecator," as...

Spring Tips: the Spring Authorization Server: securing SPAs and messaging flows

hi, Spring fans! In this installment, we continue our look at the venerable Spring Authorization Server, this time looking at how to extend its use beyond just HTTP APIs, to secure single page applications and messaging flows with OAuth...

This Week in Spring - February 20th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 20th of February, 2024? I'm doing alright on this rainy 20th of Feburary here in San Francisco, and I hope you are too! We've got a ton of things to get into this week so let's dive right into it! Have y...

This Week in Spring - February 14th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...

This Week in Spring - December 12th, 2023

Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to ugprade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...

This Week in Spring - December 5th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! today, Spring Cloud, based on Spring Boot 3.2, goes GA! Don't miss this! I love this blog by Spring Framework legend Sébastien Deleuze on CDS with Spring Framework 6.1 I really enjoyed this discussion with Spring Security...

A Bootiful Podcast: Azul Deputy CTO Simon Ritter

Hi, Spring fans! In this week's installment I talk to Azul Deputy CTO Simon Ritter @speakjava, recorded live at Devoxx Belgium 2023!...

A Bootiful Podcast: VMware vice president Betty Junod

Hi, Spring fans! In this installment Josh Long talks to VMware vice president Betty Junod about VMware, its amazing ecosystem, and so much more...

Paketo Buildpacks Bionic End Of Support

The Spring Boot plugins for Maven and Gradle provide the ability to build Docker images using Cloud Native Buildpacks. By default, Spring Boot uses the CNB builders provided by the Paketo Buildpacks project. What's Changed The Paketo Buildpacks project has announced that Ubuntu 18.04 Bionic-based...

This Week in Spring - September 12th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! How are you this fine 12th of September? I'm doing alright, elated, even. I've just returned from beautiful Oslo, Norway, and I've got a busy 30 days or so ahead, starting today. I'm visiting Seattle, WA; Mexico City, Mexico;...

This Week in Spring - May 2, 20223

Hi, Spring fans! Welcome to another installment of This Week in Spring! You realize it's already May, 2023? Time's flying, way too quickly! I just got back from Bangalore, India, where I spoke at the amazing Great International Developer Summit, one of the all time best shows ever, and now I'm...