Open
Labels: area/security, dependency/spring (Task is related to Spring Framework), impact/changelog (This change should be reflected in the NEWS.txt file), kind/dependency-update (Update one of dependencies)
Description
Changelogs:
- Spring Boot 2.4
- https://spring.io/blog/2020/04/30/updates-to-spring-versions
- https://spring.io/blog/2020/06/29/spring-boot-2-4-0-m1-is-now-available
- https://spring.io/blog/2020/08/14/spring-boot-2-4-0-m2-is-now-available
- https://spring.io/blog/2020/09/17/spring-boot-2-4-0-m3-available-now
- https://spring.io/blog/2020/10/15/spring-boot-2-4-0-m4-available-now
- https://spring.io/blog/2020/10/30/spring-boot-2-4-0-rc1-available-now
- https://spring.io/blog/2020/11/12/spring-boot-2-4-0-available-now
- https://spring.io/blog/2020/12/11/spring-boot-2-4-1-available-now
- https://spring.io/blog/2021/01/14/spring-boot-2-4-2-available-now
- https://spring.io/blog/2021/02/18/spring-boot-2-4-3-is-now-available
- https://spring.io/blog/2021/03/18/spring-boot-2-4-4-available-now
- https://spring.io/blog/2021/04/15/spring-boot-2-4-5-available-now
- https://spring.io/blog/2021/05/20/spring-boot-2-4-6-available-now
- https://spring.io/blog/2021/06/10/spring-boot-2-4-7-available-now
- https://spring.io/blog/2021/06/24/spring-boot-2-4-8-is-now-available
- https://spring.io/blog/2021/07/22/spring-boot-2-4-9-is-now-available
- https://spring.io/blog/2021/08/19/spring-boot-2-4-10-is-now-available
- https://spring.io/blog/2021/09/22/spring-boot-2-4-11-available-now
- https://spring.io/blog/2021/10/21/spring-boot-2-4-12-is-now-available
- https://spring.io/blog/2021/11/18/spring-boot-2-4-13-available-now
- https://spring.io/blog/2021/01/17/what-s-new-in-spring-boot-2-4 (video)
- Spring Framework 5.3
- https://spring.io/blog/2020/06/25/first-spring-framework-5-3-milestone-released
  > we are revisiting our JDBC support: e.g. introducing `queryForStream` operations on `JdbcTemplate`
- https://spring.io/blog/2020/08/11/spring-framework-5-3-0-m2-available-now
- https://spring.io/blog/2020/09/15/spring-framework-5-3-goes-rc1
- https://spring.io/blog/2020/10/13/spring-framework-5-3-0-rc2-available-now
- https://spring.io/blog/2020/10/27/spring-framework-5-3-goes-ga
- https://spring.io/blog/2020/11/10/spring-framework-5-3-1-and-5-2-11-available-now
- https://spring.io/blog/2020/12/09/spring-framework-5-3-2-5-2-12-5-1-20-5-0-20-and-4-3-30-available-now
- https://spring.io/blog/2021/01/11/spring-framework-5-3-3-available-now
- https://spring.io/blog/2021/02/16/spring-framework-5-3-4-and-5-2-13-available-now
- https://spring.io/blog/2021/03/16/spring-framework-5-3-5-available-now
- https://spring.io/blog/2021/04/13/spring-framework-5-3-6-and-5-2-14-available-now
- https://spring.io/blog/2021/05/12/spring-framework-5-3-7-and-5-2-15-available-now (fixes CVE-2021-22118)
- https://spring.io/blog/2021/06/09/spring-framework-5-3-8-available-now
- https://spring.io/blog/2021/07/14/spring-framework-5-3-9-and-5-2-16-available-now
- https://spring.io/blog/2021/09/15/spring-framework-5-3-10-and-5-2-17-available-now
- https://spring.io/blog/2021/10/14/spring-framework-5-3-11-and-5-2-18-available-now (fixes CVE-2021-22096)
- https://spring.io/blog/2021/10/21/spring-framework-5-3-12-available-now
- https://spring.io/blog/2021/11/11/spring-framework-5-3-13-available-now
- https://spring.io/blog/2021/12/16/spring-framework-5-3-14-and-5-2-19-available-now (fixes CVE-2021-22060)
- https://spring.io/blog/2022/01/13/spring-framework-6-0-0-m2-and-5-3-15-available-now
- https://spring.io/blog/2022/02/17/spring-framework-5-3-16-available-now
- https://spring.io/blog/2022/03/17/spring-framework-6-0-0-m3-and-5-3-17-available-now (fixes CVE-2022-22950)
- https://github.com/spring-projects/spring-framework/releases/tag/v5.3.18
- https://spring.io/blog/2022/04/13/spring-framework-5-3-19-and-5-2-21-available-now (fixes CVE-2022-22968)
- https://spring.io/blog/2022/05/11/spring-framework-5-3-20-and-5-2-22-available-now (fixes CVE-2022-22970 and CVE-2022-22971)
- https://spring.io/blog/2022/06/15/spring-framework-5-3-21-available-now
- https://spring.io/blog/2022/07/14/spring-framework-6-0-0-m5-and-5-3-22-available-now
- https://spring.io/blog/2022/09/15/spring-framework-6-0-0-m6-and-5-3-23-available-now
- https://spring.io/blog/2022/11/16/spring-framework-5-3-24-available-now
- https://spring.io/blog/2023/01/11/spring-framework-5-3-25-available-now
- https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861 (fixes CVE-2023-20860 and CVE-2023-20861)
- https://spring.io/blog/2023/04/13/spring-framework-6-0-8-5-3-27-and-5-2-24-release-fix-cve-2023-20863 (fixes CVE-2023-20863)
- https://spring.io/blog/2023/06/15/spring-framework-5-3-28-and-6-0-10-available-now
- https://spring.io/blog/2023/07/13/spring-framework-5-2-25-release-5-3-29-and-6-0-11-available-now
- https://spring.io/blog/2023/09/14/spring-framework-5-3-30-and-6-0-12-available-now
- https://spring.io/blog/2023/11/16/spring-framework-5-3-31-and-6-0-14-available-now
- https://spring.io/blog/2024/02/15/spring-framework-6-1-4-6-0-17-and-5-3-32-available-now (fixes CVE-2024-22243)
- https://spring.io/blog/2024/03/14/spring-framework-6-1-5-6-0-18-and-5-3-33-available-now-including-fixes-for (fixes CVE-2024-22259)
- https://spring.io/blog/2024/04/11/spring-framework-6-1-6-6-0-19-and-5-3-34-available-now-including-fixes-for (fixes CVE-2024-22262)
- https://spring.io/blog/2024/05/16/spring-framework-6-1-7-6-0-20-and-5-3-35-available-now
- https://spring.io/blog/2024/05/22/spring-framework-6-1-8-6-0-21-and-5-3-36-available-now
- https://spring.io/blog/2024/06/13/spring-framework-6-1-9-6-0-22-and-5-3-37-available-now
- https://github.com/spring-projects/spring-framework/releases/tag/v5.3.38
- https://spring.io/blog/2024/08/14/spring-framework-6-1-12-6-0-23-and-5-3-39-available-now (the last open source release) (fixes CVE-2024-38808 and CVE-2024-38809)
- https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-5.3-Release-Notes
- https://spring.io/blog/2020/06/30/url-matching-with-pathpattern-in-spring-mvc
  > we expect Spring MVC applications to switch to using `PathPattern` instead of `AntPathMatcher` to take advantage of efficiency gains, improved syntax, and a more predictable way of dealing with URL path issues
- https://spring.io/blog/2020/11/10/new-in-spring-5-3-improved-cron-expressions
- added `@Scheduled(cron = "@hourly")`, `L`, `W` and `#` extra modifiers
- https://spring.io/blog/2020/06/25/first-spring-framework-5-3-milestone-released
- Spring Security 5.4
- https://spring.io/blog/2020/05/07/spring-security-5-4-0-m1-released
- https://spring.io/blog/2020/07/02/spring-security-5-4-0-m2-released
- https://spring.io/blog/2020/08/14/spring-security-5-4-0-rc1-released
- https://spring.io/blog/2020/09/10/spring-security-5-4-goes-ga
- https://spring.io/blog/2020/10/08/spring-security-5-4-1-5-3-5-5-2-7-5-1-13-5-0-19-4-2-19-released
- https://spring.io/blog/2020/12/03/spring-security-5-4-2-5-3-6-and-5-2-8-released
- https://spring.io/blog/2021/02/11/spring-security-5-4-4-5-3-8-and-5-2-9-released
- https://spring.io/blog/2021/02/18/spring-security-5-4-5-released
- https://spring.io/blog/2021/04/12/spring-security-5-2-10-5-3-9-and-5-4-6-released
- https://spring.io/blog/2021/06/22/spring-security-5-5-1-5-4-7-5-3-10-and-5-2-11-released (fixes CVE-2021-22119)
- https://github.com/spring-projects/spring-security/releases/tag/5.4.8
- https://github.com/spring-projects/spring-security/releases/tag/5.4.9
- https://spring.io/blog/2021/12/20/spring-security-5-2-15-5-3-13-5-4-10-5-5-4-and-5-6-1-released
- https://docs.spring.io/spring-security/site/docs/5.4.0/reference/html5/#new
- https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter
- Action points:
  - `pom.xml`: consider removing `spring-framework.version` and `spring-security.version`
  - `MvcConfig`: remove deprecation and usage of `setUseSuffixPatternMatch()` during upgrade to Spring Framework 5.3
  - try to replace `WebSecurityConfigurerAdapter` with `SecurityFilterChain` bean(s) (see spring-security#8804, commit and blog post)
  - revise `RequestRejectedException` handling (see https://github.com/spring-projects/spring-security/issues/5007 and https://github.com/spring-projects/spring-security/pull/7052)
  - put back dependency on `junit-vintage-engine`
  - consider using `spring.h2.console.settings.web-admin-password` property
  - replace `spring.profiles` by `spring.config.activate.on-profile`
  - consider adopting profile groups
  - migrate `spring.mvc.*` and `spring.resources.*` properties
  - consider switching to `PathPatternParser` (see blog post)
  - try to enable `spring.spel.ignore` property to remove SpEL support for applications not using it
  - try to enable `spring.xml.ignore` property to remove XML support for applications not using it, including related converters and codecs
  - specify version for `exec-maven-plugin`
Should be done after #1244