924 matches found
A Bootiful Podcast: Oracle Java Developer Advocate Nicolai Parlog on the latest and greatest in Java
Hi, Spring fans! In this installment, I talk to Oracle Java Developer Advocate Nicolai Parlog on the latest and greatest in Java...
This Week in Spring - February 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! Friends, tomorrow is Valentine's day, and I love Spring. So, it's a very exciting thing indeed to be able to share this week's jam-packed roundup. Let's dive right into it! Spring Tools 4.21.1 is now available In the latest...
A Bootiful Podcast: Dr. Venkat Subramaniam, on the latest in Java
Hi, Spring fans! In this installment the good and the great Dr. Venkat Subramaniam rejoins the show, live from the fantastic VOXXED DAYS CERN event, to talk about some of the amazing features in Java 21...
Spring Tips: Spring Boot Testjars
Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...
Spring Tips: Spring AI
Hi, Spring fans! In this installment we'll look at the new Spring AI project, which provides convenient integrations with LLMs like the one behind ChatGPT and tools to support the RAG retrieval augmented generation pipeline. ai springboot artificialintelligence java graalvm cloud java21 postgresq...
This Week in Spring - February 6th
Hi, Spring fans! Welcome to another installment of the rip-roarin' adventure that is This Week in Spring! We've got a lot to look at, as usual, so let's dive right into it! in last week's installment of A Bootiful Podcast, I talked to Gunnar Morling, who created the 1BRC 1 Billion Row Challenge...
A Bootiful Podcast: Gunnar Morling on the 1BRC challenge and taking Java to BLAZING fast performance territory
Hi, Spring fans! In this installment, I talk to fellow Java Champion Gunnar Morling, and we look at how his 1BRC challenge helped the community eek out some of Java's best performance numbers...
Spring Tips: easy CQRS with Axon Framework
Hi, Spring fans! In this installment I'm joined by Axon Framework founder Allard Buijze and we look at the new integrations for Spring Boot developers in Axon Framework and AxonIQ Server. Special thanks to AxonIQ for the keynote video replay. Check out for more great stuff! java java21 axon...
local information disclosure via temporary directory created with unsafe permissions
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in...
This Week in Spring - January 30th, 2024
Hi, Spring fans! It's January 30th, and it's a very special week for me as, tomorrow, I celebrate my birthday and the birthday of my biological father with whom I share the same birthday! Happy birthday, dad! Sadly, he passed in 2019. I'm pretty excited! I'm turning 40. Feels good. Almost as good...
A Bootiful Podcast: Spring trainer extraordinairre Patrick Baumgartner
Hi, Spring fans! In this installment, I talked to Spring trainer extraordinaire, long-time community contributor, and Voxxed Days co-organizer for various shows in Switzerland. This talk was recorded live at Voxxed Days CERN!...
This Week in Spring - January 23rd, 2024
Hi, Spring fans, and greetings from CERN, home of the famous Large Hadron Collider, where I'm speaking again at the VOXXED Days CERN 2017 event. It's been an amazing almost week here in lovely Switzerland, first in Lugano for VOXXED Days Ticino, and now in Geneva. I'm super excited to be here, bu...
CVE-2024-22233: Spring Framework server Web DoS Vulnerability
The Spring Framework 6.0.16 and 6.1.3 releases shipped on January 11th includes a fix for CVE-2024-22233. The Spring Boot 3.1.8 and 3.2.2 releases shipped last week upgrade to the relevant Spring Framework versions. Users are encouraged to update as soon as possible...
Spring Framework server Web DoS Vulnerability
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true: Typically, Spring Boot applications need the...
Spring Security 6.3 Adds Passive JDK Serialization/Deserialization for Seamless Upgrades
In the early versions of Spring Security, a deliberate decision was made to avoid providing any guarantee of compatibility for serialized classes via JDK serialization between different versions of the project. This decision primarily took into account the context of RMI, with the recommendation...
A Bootiful Podcast: programming language archaeologist Ted Neward
Hi, Spring fans! In this installment, I talk to programming language archaeologist Ted Neward...
This Week in Spring - January 16th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the 16th of January already! We're closer to February than not! I can hardly believe it. As always, we've got a lot to cover so let's dive right into it. the Spring Authorization Server 1.3.0-m1 is now available this is...
A Bootiful Podcast: Apache Skywalking’s Sheng Wu and Apache ShardingSphere’s Trista Pan
Hi, Spring fans! In this installment we're joined by two Apache luminaries Trista Pan - of Apache ShardingSphere - and Sheng Wu - of Apache Skywalking...
Spring Tips: Spring Data JDBC
Hi, Spring fans! In this installment, Josh Long looks at the fantastic Spring Data JDBC project, which is one of the easiest and most powerful ways to leverage JDBC in a Spring Boot application...
This Week in Spring - January 9th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's the second week of 2024, and I am already thinking about 2025! And, a bit more immediatelt than that: the next two weeks. I'll be at both VOXXED DAYS Ticino and VOXXED DAYS CERN, both in Switzerland. If you're about, com...
A Bootiful Podcast: Kubernetes guru Leigh Capili helps us ring in the new year
Hi, Spring fans! And Happy new year! In this episode I talk to Kubernetes guru Leigh Capili, who helps us ring in the new year!...
This Week in Spring - January 2nd, 2024
Hi, Spring fans! Happy New Year! As we step into 2024, full of hope and enthusiasm, welcome to the first installment of This Week in Spring. It's a time for new beginnings and resolutions, and what better way to start than by exploring the ever-evolving world of Spring? I hope your new year...
A Bootiful Podcast: Trifork CTO Joris Kuipers
Hi, Spring fans! In this installment, Josh Long talks to longtime Spring community legend and Trifork CTO Joris Kuipers. Happy new year!...
This Year in Spring - 2023
Welcome to another installment of This Week in Spring! It's December 26th, 2023, and we're staring down the new year! And you know what that means, right? It's time for our annual roundup, looking at all the latest and greatest in the wild and wonderful world of Springdom. This is This Year in...
A Bootiful Podcast: Cloud Native Whitney Lee
Hi, Spring fans! In this installment, I talk to legendary Cloud Native Whitney Lee about cloud infrastructure, that one trick every dev must know, her new operations-centric gameshow, and more. Happy holidays to y'all!...
This Week in Spring - December 19th, 2023
Hi, Spring fans! Welcome to another oh-so-festive edition of This Week in Spring! the Spring Authorization Server 1.2.1, 1.1.14, and 0.4.5, are now available Spring AMQP 3.1.1 is now available Spring Security 5.8.9, 6.1.6, 6.2.1 are now available Spring for Apache Kakfa 3.1.1 is now available...
A Bootiful Podcast: Microcks.io contributors Laurent Broudoux and Yacine-Kheddache
Hi, Spring fans! In this installment, I talk about the wide world of AI and then discuss microservice testing with Microcks.io contributors and founders Laurent Broudoux and Yacine-Kheddache. This was recorded live from Devoxx BE 2023!...
This Week in Spring - December 12th, 2023
Hi, Spring fans! Welcome to a new installment of This Week in Spring! We've got a ton of stuff to get into, so let's dive right in! Laur Spilca and I look at how to ugprade a Spring Security 5.x application to Spring Security 6.x. Apache SkyWalking with Sheng Wu and Apache ShardingSphere with...
A Bootiful Podcast: Spring creator Rod Johnson and Oracle vice president Heather VanCura
Hi, Spring and software fans! In this installment of the show we have Spring creator and investor Rod Johnson and Oracle vice president Heather VanCura on the show to talk about the premise of her new book - Developer Career Masterplan, coauthored with fellow Java luminary Bruno Souza: building...
This Week in Spring - December 5th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! today, Spring Cloud, based on Spring Boot 3.2, goes GA! Don't miss this! I love this blog by Spring Framework legend Sébastien Deleuze on CDS with Spring Framework 6.1 I really enjoyed this discussion with Spring Security...
CDS with Spring Framework 6.1
As a follow-up to the Runtime efficiency with Spring blog post, I am happy to share that our exploration of Project Leyden optimizations has led to some interesting discoveries regarding the JDK's little-used CDS "Class Data Sharing" feature and has materialized into a new feature that we have be...
A Bootiful Podcast: Spring Security legend Laura Spilca joins us to talk Spring Authorization Server and upgrading to Spring Boot 3
Hi, Spring fans! This week, my first as an employee of Broadcom, I am joined by Spring Security community legend Laura Spilca and we talk about all things security, OAuth, and more...
This Week in Spring - 28 November, 2023
Hi, Spring fans! I hope everyone who celebrated Thanksgiving had a wonderful time. Did you indulge in too much turkey? Anyway, let's jump into this week's edition of This Week in Spring—a particularly special one for a couple of reasons. First, it's our first issue after the launch of Spring Boot...
Reactor Netty HTTP Server Metrics DoS Vulnerability
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable if Reactor Netty HTTP Server built-in...
CVE-2023-34053, CVE-2023-34055: Spring Framework and Spring Boot vulnerabilities
Updates 11-27 Blog posts updated to refer to the CVE reports published The Spring Framework 6.0.14 release shipped on November 16th includes a fix for CVE-2023-34053. The Spring Boot 2.7.18 release shipped on November 23th includes fixes for CVE-2023-34055. Users are encouraged to update as soon ...
Spring Boot server Web Observations DoS Vulnerability
In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Specifically, an application is vulnerable when all of the following are true:...
Spring Tips: Spring Boot 3.2
Hi, Spring fans! In this installment of Spring Tips, I look at the new Spring Boot 3.2 release, due to drop today, the 23rd of November 2023! 23-11-23! We're diving into the cool new features of Spring Boot 3.2 and Java 21. We'll explore how virtual threads from Project Loom make your code run...
A Bootiful Podcast: iText Creator Bruno Lowagie
Hi, Spring fans! We're releasing Spring Boot 3.2 today! And it's Thanksgiving in the USA Happy Thanksgiving!. So, we wanted to celebrate with an amazing episode, and so today's guest is opensource legend Bruno Lowagie. Enjoy!...
This Week in Spring - Spring Boot 3.2 edition - November 21st, 2023
Hi, Spring fans! Welcome to another epic installment of This Week in Spring! As amazing as the week's already been, it's all leading up to this Thursday - Thanksgiving day! - when we release Spring Boot 3.2! and yes, I am very grateful. This release is stuffed to the gills with a ton of new...
A Bootiful Podcast: Google Developer Advocate, Java legend, Alexis Moussine Pouchkine
Hi, Spring fans! Happy Thanksgiving to those who celebrate! Have you tried out Spring Boot 3.2? It comes out NEXT week on the 23rd! Get the bits and try them out now! This week I am joined by Google Developer Advocate, Java legend, Alexis Moussine Pouchkine...
Directory Traversal in Reactor Netty HTTP Server
In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured t...
This Week in Spring - November 14th, 2023
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's November 14th, and you know what that means? NINE MORE DAYS until Spring Boot 3.2 drops on the day of the US holiday of Thanksgiving, no less! Some key features include: virtual threads initial CRaC support more...
A Bootiful Podcast: Azul Deputy CTO Simon Ritter
Hi, Spring fans! In this week's installment I talk to Azul Deputy CTO Simon Ritter @speakjava, recorded live at Devoxx Belgium 2023!...
This Week in Spring - November 7th, 2023
Hi, Spring fans! Can you believe we've already turned the calendar page to November? Time sure is a swift developer, deploying months as if they were minor versions in an ever-evolving application. As we adjust our clocks to fall back, waving a reluctant goodbye to daylight savings time, the...
SSL hot reload in Spring Boot 3.2.0
In Spring Boot 3.2.0, we're adding the ability for embedded web servers to hot-reload SSL certificates and keys. That means you can rotate your SSL trust material without restarting your application. Hot reloading is supported for Tomcat and Netty embedded web servers. Let's see that in action!...
A Bootiful Podcast: GraalVM founder and Oracle vice president Thomas Wuerthinger
Hi, Spring fans! In this installment Josh Long talks to Oracle vice president Thomas Wuerthinger about the project he created and leads, GraalVM. This was recorded live from Devoxx Belgium 2023!...
This Week in Spring - October 31st, 2023
Hi Spring fans, and Happy Halloween from the Spring team to those who celebrate! I hope your evening is fun and your day free of scary bugs! My friends, we've got some interesting stuff to look at this week so let's dive right into it. A Bootiful Podcast: Mr. Spring in Action, Craig Walls Spring...
What new is coming in reactor-core 3.6.0?
Reactor 3.6.0 is coming and going to be GA on November 14. This blogpost describes new features that are included in this upcoming release! Virtual Threads support Today, everyone talks about Java 21 and Project Loom. The Project Reactor team hears that and sees value in that project within our...
A Bootiful Podcast: Mr. Spring in Action, Craig Walls
Hi, Spring fans! This week, I'm joined by one of my longtime heroes and fellow Disney fans, Craig Walls @habuma. He wrote the most popular book on Spring, Spring in Action, while helping the world stay connected with efforts like Spring Social. This episode was recorded live at SpringOne 2023, in...
A Use Case for Transactions: Outbox Pattern Strategies in Spring Cloud Stream Kafka Binder
Other parts in this blog series Part 1: Introduction to Transactions in Spring Cloud Stream Kafka Applications Part 2: Producer Initiated Transactions in Spring Cloud Stream Kafka Applications Part 3: Synchronizing with External Transaction Managers in Spring Cloud Stream Kafka Applications Part ...