924 matches found
Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification
When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server...
User Attribute Enumeration when Using DaoAuthenticationProvider
If an application is using the UserDetailsisEnabled , isAccountNonExpired , or isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider 's timing attack defense can be bypassed for users who are disabled, expired, or locked...
Spring AI Agentic Patterns (Part 7): Session API — Event-Sourced Short-Term Memory with Context Compaction
A New Session API for Spring AI — Structured, Compactable, Multi-Agent-Ready Part 7 of theSpring AI Agentic Patterns series completes the memory picture. After covering Agent Skills, AskUserQuestionTool, TodoWriteTool, Subagent Orchestration, A2A Integration, and AutoMemoryTools for long-term...
This Week in Spring - April 14th, 2026
Hi, Spring fans! ¡Hola from Barcelona, Spain! I'm at the amazing Spring I/O event, hanging out with some of the amazing Spring ecosystem developers! Life is amazing here in the warm sun of springtime. There's a lot to look at this week, so let's dive right into it! Another nice tutorial on how to...
Spring Office Hours Podcast: S5E12 - Developer Soft Skills with Arun Gupta
Join Dan Vega and DaShaun Carter for another essential update from the Spring ecosystem. In this episode, the guys are joined by DevRel and Java legend Arun Gupta to discuss a topic often overlooked but vital for career longevity: soft skills for developers. Drawing from his decades of experience...
Blending Chat with Rich UIs with Spring AI and MCP Apps
The way humans typically interact with AI is via a chat-style interface such as ChatGPT or Claude Desktop. In fact, the ability to converse with an AI in natural language is perhaps one of the most amazing things about this technology. It lets humans talk to computers in human terms, rather than...
This Week in Spring - March 17th, 2026
Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring , which I'm posting ahead of my keynote at the amazing JavaOne 2026 event here in sunny San Francisco, California! I love Piotr's latest post on using local AI models with LM Studio and Spring AI Did you see the ne...
A Bootiful Podcast: Spring Messaging Legend Soby Chacko
Hi, Spring fans! In this installment, we talk with the legendary Soby Chacko about Apache Kafka, Spring AI, and much more! apachekafka kafka...
This Week in Spring - March 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring. As I write this, I am preparing for a trip to Rust, Germany, for one of the best Java conferences in Europe: JavaLand, along with its new companion event, DevLand. It should be fun. Will you be around? If so, say hi. We have ...
This Week in Spring - March 9th, 2026
Hi Spring fans! Welcome to another rip-roaring installment of This Week in Spring! I'm writing this in an Uber en route to the airport to get to awsome Atlanta, GA, for Devnexus 2026! Who's goin'? You goin'? We - the Spring team - will be there in force! Come say hi at the boothes or come see our...
A Bootiful Podcast: Neo4j legend Jennifer Reif
Hi, Spring fans! In this installment, I talk to Jennifer Reif, developer advocate at Neo4J, about graph RAG, graph databases, GraphQL, Neo4J, Spring Data Neo4J, and more. neo4j graphRag AI artificialintelligence...
This Week in Spring - February 17th, 2026
Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring! It's Lunar New Year or Chinese New Year for billions of people around the world and to those who celebrate, Happy Chinese/Lunar New Year 新年快乐! Or Happy Spring Festival 春节快乐! My favorite kind of festival! In honor ...
A Bootiful Podcast: Java Champion and hilarious friend, Richard Fichtner
Hi, Spring fans! I've been waiting for this episode for so long! Today, we're finally joined by my friend Richard Fichtner, who so took pity on my plight waiting for music to be added to the GraalVM that his company, XDev Software, created the music-maven-plugin, the best Maven plugin, ever! This...
This Week in Spring - February 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night, had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...
A Bootiful Podcast: JetBrains and Spring community legend Marco Behler
hi, Spring fans! In this installment I have the privilege of talking to JetBrains legend Marco Behler...
This Week in Spring - January 13th, 2026
Hi, Spring fans, and welcome to another installment of This Week in Spring! It's the 13th of January, 2026, and it's been quite the week indeed! Let's dive right into it! Nobody, and I mean nobody , asked. So I put together a video on how to use Spring WS to build SOAP-based services in 2026. Hey...
Explainable AI Agents: Capture LLM Tool Call Reasoning with Spring AI
When building AI agents with tool calling capabilities, developers often need insights into why an LLM chose a particular tool—not just which tool it selected. Understanding the model's reasoning process is important for debugging, observability, and building trustworthy AI systems. Spring AI now...
A Bootiful Podcast: Spring cofounder Juergen Hoeller on the amazing Spring Framework 7 release
Hi, Spring fans! In this installment, we talk to the legendary cofounder of Spring itself, Juergen Hoeller, about the awesome new Spring Framework 7 release. Happy holidays, one and all!...
Next level Kotlin support in Spring Boot 4
Following the announcement of the strategic partnership between JetBrains and Spring in May, I would like to share a global update on various Kotlin-related features and documentation enhancements we have made recently, with the goal of making Spring Boot 4 the best framework to develop backend...
Towards Spring Tools 5 - Stereotypes and a new Structural View
When working on Spring projects, developers do not only think in terms of low-level concepts like classes and interfaces. When using Spring, you think about higher-level abstractions and concepts like services, repositories, configuration classes, entities, aggregate roots, and so on. To bring...
This Week in Spring - Spring Boot 4 edition! - November 25th, 2025
Hi, Spring fans! Welcome to another illustrious installment of This Week in Spring! It’s Thanksgiving week here in the United States. Thanksgiving is traditionally celebrated with friends and family every fourth Thursday of November, gathered around a table full of food and, usually, a giant...
This Week in Spring - November 10th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am preparing for a flight to North Carolina first in flight!. This week's going to be busy, but next week even busier still! I'll be at AI By The Bay in San Francisco, AI Native Dev Con in NYC, and QCon SF i...
LLM Response Evaluation with Spring AI: Building LLM-as-a-Judge Using Recursive Advisors
The challenge of evaluating Large Language Model LLM outputs is critical for notoriously non-deterministic AI applications, especially as they move into production. Traditional metrics like ROUGE and BLEU fall short when assessing the nuanced, contextual responses that modern LLMs produce. Human...
A Bootiful Podcast: Oracle VP and GraalVM founder Thomas Wuerthinger
Hi, Spring fans! In this installment I talk to Oracle VP and GraalVM founder Thomas Wuerthinger, recorded at Devoxx 2025!...
Introducing Jackson 3 support in Spring
This is a new blog post in the Road to GA series, this time sharing more details on the new Jackson 3 support, just a few days after Jackson 3.0.0 GA release, about to be introduced in Spring Boot 4 and related Spring portfolio projects. Jackson is by far the most used JSON library on the JVM, an...
This Week in Spring - September 9th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...
This Week in Spring - September 2nd, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in Frankfurt, awaiting my flight to the Java-tastic Javazone 2025 event where I'll be joined by the legendary James Ward to deliver an AI-focused look at the latest-and-greatest in Spring! And I'm still recovering from th...
A Bootiful Podcast: JobRunr founder Ronald Dehuysser on what's new in version 8
Hi, Spring fans! In this installment, fresh after an exciting and exhausting SpringOne 2025, I am thrilled to have talked with JobRunr founder Ronald Dehuysser on what's new in version 8.0.0. Learn more about JobRunr v8 here!...
This Week in Spring - August 26th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the floor of SpringOne, live from lovely Las Vegas! As you can imagine, I've got to get back into it, so we'll make this one a quick one. And if you're here, be sure to say "hi"! In last week's A Bootifu...
This Week in Spring - August 19th, 2025
Hi, Spring fans! Welcome to another extra special installment of This Week in Spring - special because the next installment will be delivered from the floors of the Ventian where the extraordinairily awesome SpringOne 2025 event will take place! So, some poetry: T’was the Week Before SpringOne...
A Bootiful Podcast: José Paumard, Java developer advocate and professor
Hi, Spring fans! In this installment, recorded at Devoxx UK 2025, I talk to the legendary professor of computer science and legend José Paumard about Java, the ecosystem, and more,...
A Bootiful Podcast: Dr. Heinz Kabutz, a legendary Java Champion, teacher, and author of the Java Specialists newsletter!
Hi, Spring fans! In this installment, I talk to Dr. Heinz Kabutz, a legendary Java Champion, trainer, teacher, and author of the Java Specialists newsletter! This episode was recorded live at Devoxx UK 2025...
A Bootiful Podcast: Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer
Hi, Spring fans! In this episode, I talk to Micrometer.io lead Tommy Ludwig on the latest-and-greatest in observability for the Spring developer...
A Bootiful Podcast: The legendary Daniel Garnier-Moiroux on security, AI, MCP, and more
Hi, Spring fans! In this installment I talk to the legendary Daniel Garnier-Moiroux on security, AI, MCP, and more, recorded live at Devoxx UK 2025...
A Bootiful Podcast: IntelliJ IDEA lead Aleksey Stukalov
Hi, Spring fans! In this installment I talk to IntelliJ IDEA lead Aleksey Stukalov...
A Bootiful Podcast: Donald Raab on Eclipse Collections
Hi, Spring fans! In this edition, we talk to Eclipse Collections founder Donald Raab...
This Week in Spring - May 13th, 2025
Hi, Spring fans! As I write this, I'm at the amazing Code Remix event in Miami well, technically Tampa, Florida. I'll also be speaking at the Tampa JUG while I'm there, so look out! After that, I'll be headed back to Europe—a wee bit further north this time—to Stockholm for the amazing JForum...
A Bootiful Podcast: Spring instructor Mary Ellen Bowman
Hi, Spring fans! In this installment I talk to Mary Ellen Bowman, a legendary Spring instructor!...
A Bootiful Podcast: HTMX creator Carson Gross
Hi, Spring and HTML fans! Today I talk to hypermedia enjoyer Carson Gross, creator of the ever popular HTMX library which eschews a ton of the complexity associated with building client side applications...
This Week in Spring - January 7th, 2025
Hi, Spring fans, and happy new year! It's been another super seven days since we last spoke and, as always, there's a lot to cover so let's dive right into it! A long time in coming, but it's finally here! Hello DCO, Goodbye CLA: Simplifying Contributions to Spring the Spring AI hits just keep on...
A Bootiful Podcast: PostgreSQL contributor Dave Cramer
Hi, Spring fans! Happy Thanksgiving to my American listeners! and happy Thursday to the everyone! In today's episode I talk to PostgreSQL and PostgreSQL JDBC contributor Dave Cramer. postgresql jdbc sql java...
Spring Security Authorization Bypass for Case Sensitive Comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in authorization rules not working properly. Related to CVE-2024-38820...
Spring LDAP Spring LDAP sensitive data exposure for case-sensitive comparisons
The usage of String.toLowerCase and String.toUpperCase has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820...
A Bootiful Podcast: GraalVM founder and BDFL Thomas Wuerthinger on GraalPy, GraalVM, and so much more
Hi, Spring fans! In this installment I talk to GraalVM founder and benevolent dictator for life Thomas Wuerthinger, recorded live from Devoxx Belgium 2024!...
Authorization Bypass of Static Resources in WebFlux Applications
Spring WebFlux applications that have Spring Security authorization rules on static resources can be bypassed under certain circumstances. For this to impact an application, all of the following must be true:...
A Bootiful Podcast: Oracle Developer Advocate Andres Almiray
Hi, Spring fans! In this installment I talk to Oracle developer advocate Andres Almiray about the latest-and-greatest in the amazing Oracle database. Oracle SQL Java JConf...
Path traversal vulnerability in functional web frameworks (2nd report)
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
A Bootiful Podcast: New York Java SIG chair and founder Frank Greco on community, AI, and more
Hi, Spring fans! In this installment, I talk to New York Java SIG chair and founder Frank Greco about AI, safety, Java, community, and more!...
A Bootiful Podcast: Tanzu's Cloud and Spring legend Chris Sterling
Hi, Spring fans! In this installment I talk to the Tanzu legend Chris Sterling, who works on making Spring an even more valuable part of a platform. This episode was recorded live at the epic SpringOne 2024 event!...
Missing Authorization When Using @AuthorizeReturnObject
Applications using @AuthorizeReturnObject or the Spring Security produced AuthorizationAdvisorProxyFactory @Bean to wrap objects may not have all security advice applied. When method security advice is not applied, it means that annotations like @PreFilter and @PreAuthorize may take no affect on...