Dear Spring community,

On behalf of the team and all the contributors, it’s my pleasure to announce a Release Candidate 1 for Spring Integration 5.5, plus Spring Integration 5.4.6 & 5.3.7 patch versions.

The latest two can be downloaded from Maven Central and it is recommended to upgrade your projects or just pull them transitively from respective latest Spring Boot patch versions!

The Release Candidate is available from the https://repo.spring.io/milestone/ repository:

compile 'org.springframework.integration:spring-integration-core:5.5.0-RC1'

Here is a highlight of changes made to Spring Integration 5.5 RC1 since previously announced Milestone 3…

Dear Spring community,

On behalf the team and external contributors, it’s my pleasure to announce a Milestone 3 release for Spring Integration 5.5, plus Spring Integration 5.4.5 patch version.

The latest one can be downloaded from Maven Central:

compile 'org.springframework.integration:spring-integration-core:5.4.5'

and it is recommended to upgrade your projects or just pull it transitively from just released Spring Boot 2.4.4!

The Milestone is available from the https://repo.spring.io/milestone/ repository:

compile 'org.springframework.integration:spring-integration-core:5.5.0-M3'

The 5.5 generation of Spring Integration is the last one in the line before we start 6.0 and it is mostly based on the community feedback and usability needs. For example we have reworked some warning messages in logs to the fail-fast errors during configuration phase. Plus some API was deprecated with possible removal in the next major version. So, be sure check the Migration Guide…

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce 1.0.4.RELEASE version for Spring Integration Zip extension.

CVE-2021-22114

The UnZipTransformer doesn’t cover all the cases for Zip Slip Vulnerability and some particular zip entry names may still end up outside of working directory.

The updated fix has been released in the spring-integration-zip-1.0.4.RELEASE version together with some other bug fixes and improvements. We also have published a new advisory for CVE-2021-22114.

Credit: Trung Pham, Viettel Cyber Security.

Everybody who’s…

Dear Spring Community,

Today it’s my pleasure to announce releases of Spring Integration for Amazon Web Services extension versions 2.3.5.RELEASE & 2.4.0, and Spring Cloud Stream Binder for AWS Kinesis versions 2.0.4.RELEASE & 2.1.0.

These releases can be downloaded from Maven Central, JCenter:

compile "org.springframework.integration:spring-integration-aws:2.3.5.RELEASE"

If you don’t use Kinesis Binder. Or via Binder dependency:

compile "org.springframework.cloud:spring-cloud-stream-binder-kinesis:2.0.4.RELEASE"

Mostly these versions have bug fixes and some community feedback refinements…

Dear Spring community,

On behalf the team and everybody contributed, it’s my pleasure to announce that last week we released general availability for Spring Integration 5.4.

It can be downloaded from Maven Central:

compile 'org.springframework.integration:spring-integration-core:5.4.0'

Here is a summary of features and improvements for this Spring Integration generation:

• R2DBC channel adapters;

• ZeroMQ proxy, message channel and channel adapters;

• Redis Streams channel adapters (which are reactive);

• The spring-integration-kafka extension has been moved to the core project and, alongside with an upgrade to the latest Spring for Apache Kafka 2.6.2, includes some improvements;

• The RenewableLockRegistry is implemented for the JdbcLockRegistry.

…

This article is part of a blog series that explores the newly redesigned Spring Cloud Stream applications based on Java Functions. In this episode, we are investigating the Aggregator function and its relationship with the Splitter function. We will see how we can customize the default behavior. We will also take a look at the importance of configuring a shared message store for the aggregator.

Here are all the previous parts of this blog series.

• Introducing Function Based Streaming Applications

• Function Composition with Streaming Applications

• How to Build a Supplier and Source Application

• How to Build a Consumer and Sink Application

• Build and Run a Simple Stream Application

• Case Study: HTTP Request Function and Processor

• Case Study: File Source and MongoDB Sink

• Case Study: Relational Database Source and File Sink

• Case Study: Remote File Ingest with Spring Cloud Data Flow

…

Dear Spring community,

it’s my pleasure to announce the first (and the last) release candidate for Spring Integration 5.4 generation.

It can be downloaded from our milestone repository:

compile 'org.springframework.integration:spring-integration-core:5.4.0-RC1'

Since the previous milestone 3 this release brings more into bug fixes and some internal improvements according Project Reactor changes with processors.

The most notable features in this release are:

• The LogAccessor abstraction from Spring Framework is now used internally for better code readability;

• The ZeroMqMessageHandler and ZeroMqMessageProducer components are now available for one-way interaction with ZeroMq;

• The ReactiveRedisStreamMessageProducer now provides an error handling logic via sending an ErrorMessage to the errorChannel;

• The AbstractMailReceiver now has an option to not fetch a MimeMessage content eagerly and lets the downstream flow to decide what and how to do with such a mail message.

…

Dear Spring community,

please, meet the third (and the last) milestone for Spring Integration 5.4 generation.

It can be downloaded from our milestone repository:

compile 'org.springframework.integration:spring-integration-core:5.4.0-M3'

Since the previous milestone 2 this release brings number of bug fixes and some internal improvement, including alignment with new Sink API from project Reactor in the FluxMessageChannel and IntegrationReactiveUtils.

See What’s New in documentation for more information.

This version is going to be pulled in the upcoming Spring Boot 2.4.0-M3 release tomorrow.

…

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce the second milestone for Spring Integration 5.4 generation.

It can be downloaded from our milestone repository:

compile 'org.springframework.integration:spring-integration-core:5.4.0-M2'

This version continues a story since milestone 1 for aggressive dependencies upgrades and deprecation removals, including legacy metrics.

Some key highlights in this milestone alongside with the number of bugfixes and refactorings:

• The fix for CVE-2020-5413;

• An Inbound Channel Adapter for R2DBC;

• A Reactive Message Producer implementation for Redis Stream;

• A ZeroMqChannel is implemented, too;

• The RMI module is deprecated now.

…

Dear Spring community,

On behalf of the team and everyone who contributed, it is my pleasure to announce a number of maintenance releases for Spring Integration. Mostly these versions contain bug fixes and dependency upgrades.

CVE-2020-5413

The Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when the incoming data contains malicious code for execution during deserialization.

In order to protect against this type of attack, Kryo can be configured to require a set of trusted classes for (de)serialization. Spring Integration calls kryo.setRegistrationRequired(true); (trust no one) by default and pre-configures out-of-the-box Message<?> implementations as trusted classes. All other types have to be registered with Kryo using any available KryoRegistrar strategy injected into a PojoCodec…