Spring News Roundup: Milestone Releases of Boot, Security, Auth Server, Integration, AI and AMQP - Related to boot,, compliance, milestone, google, roundup:

Introduction to Service Mesh

Service mesh technology solves a fundamental operational problem in running distributed applications at an industrial scale: how to manage the interactions among the dozens, if not hundreds or thousands, of microservices that make a large-scale distributed application in a secure, reliable, and observable manner.

Before service mesh technology came along, deploying and running applications securely and reliably in a controlled manner was a labor-intensive undertaking that required detailed expertise in distributed application architecture and significant amounts of custom code. Fortunately, the introduction of the service mesh has standardized the tools, architecture and techniques that engineers use to get microservices to work well together in distributed architectures.

This post provides the essential information that decision-makers need when considering service mesh adoption. The sections that follow describe what a service mesh is and how it works, the benefits that a service mesh provides and the points to consider when adopting service mesh technology to manage a business’s distributed applications. Also, we’ll provide an overview of some particular service mesh solutions, as well as discuss the future of service mesh technologies overall.

Overview of Service Mesh and Its Significance.

A service mesh is an infrastructure layer that facilitates dependable and easily monitored communication among microservices. With the rising popularity of microservices and Kubernetes in organizations, there is a growing demand for a system to oversee communication between services. Service meshes meet this requirement by offering traffic control security elements and observability functions without modifying the application code.

Evolution of Service Mesh with Kubernetes and Microservices.

The advent of Kubernetes and microservices has brought about changes in the way applications are created and deployed. Initially, developers had to integrate networking components into their applications to manage service discovery, routing, load balancing and security. This method was inefficient and prone to errors in environments with a mix of programming languages and frameworks.

The service meshes were introduced as a solution to these challenges by abstracting networking complexities into an infrastructure layer. Service mesh technology injects sidecar proxies and uses a centralized control plane to handle traffic management, enforce security protocols and offer insights into application performance. This setup streamlines the development process and boosts the dependability and efficiency of microservices-driven applications.

Definition and Explanation of Service Mesh.

A service mesh acts as a layer encompassing services running within a distributed application that facilitates dependable and visible communication among microservices. It oversees how services interact with one another, handling tasks such as discovering services, distributing workloads evenly, recovering from failures, collecting metrics and monitoring performance.

By separating these activities from the application code, a service mesh lets developers concentrate on the core business processes without getting bogged down by network management challenges. In general, a service mesh consists of two elements: sidecar proxies and a control plane.

Sidecar proxies: Sidecar proxies work in tandem with every microservice instance. They oversee the flow of network data to and from the service, taking care of tasks such as directing traffic, distributing loads, verifying identities and safeguarding information. Using sidecar proxies guarantees that each service interacts securely and effectively with other services within the network.

Control plane: The control plane oversees the service mesh. It handles tasks such as setting up and overseeing the sidecar proxies, implementing policies and managing routing regulations throughout the mesh. Additionally, the control plane gathers telemetry information from the proxies to offer insights into the system’s efficiency and well-being.

Data plane: The data plane works with the sidecar proxies that manage the real-time communication between services. Its role is to handle outgoing requests and implement the settings and rules defined by the control plane.

Service Discovery and Secure Communication.

Service discovery: In the world of services, service discovery plays a role in enabling services to find and interact with each other. Within a service mesh setup, sidecar proxies take charge of service discovery duties, making sure that requests are directed to the right service instances. This flexible approach to discovery empowers services to adjust seamlessly without needing intervention.

Secure communication: A service mesh boosts security by encrypting the communication between services. Sidecar proxies oversee TLS (mTLS) authentication, guaranteeing that only approved services can interact with each other. This secure layer of communication safeguards information and deters entry by malicious actors into the underlying services.

Intelligent routing: Service meshes enable traffic routing based on set rules. This involves elements such as dividing traffic, which lets you direct it to service versions for testing or phased releases. Traffic control makes sure that requests are evenly spread out among service instances, boosting performance and dependability.

Load balancing: Balancing the load is a task supported by a service mesh. Sidecar proxies evenly spread out requests among the service instances to prevent any one instance from getting overwhelmed. This distribution of workload contributes to ensuring that services remain highly accessible and perform optimally.

Observability and Monitoring Capabilities.

Monitoring tools: Service meshes provide robust observability aspects, leveraging tools like Jaeger for tracing and Prometheus for metrics collection. These tools monitor the performance and health of services, offering insights into traffic patterns, latencies and error rates.

Distributed tracing: Distributed tracing is essential for understanding the flow of requests across microservices. By capturing trace data, a service mesh allows teams to pinpoint performance bottlenecks and diagnose issues more effectively. Tracing provides a comprehensive view of service interactions, helping optimize and troubleshoot complex systems.

Telemetry data: Telemetry is a capability by which a service mesh is configured to collect, store and investigation data about the mesh’s operational activities. Typically a service mesh uses built-in telemetry mechanisms such as logging, but a service mesh can also be configured to use tools such as Jaeger for tracing and Prometheus for collecting metrics data such as request/response activity.

The data these tools collect is crucial for monitoring the system’s health and performance, enabling proactive management and rapid response to issues.

Improved Security and Policy Enforcement.

A service mesh boosts the safety of applications built on microservices by enforcing security rules and procedures. By overseeing interactions among services a service mesh guarantees that information being transmitted is encrypted and shielded from entry malicious actors.

Mutual TLS (mTLS) authentication is an aspect of service meshes that enables encryption from end to end while also confirming the legitimacy of services. Moreover, service meshes enable detailed access-control policies that guarantee that only approved services can interact with each other.

A great thing about a service mesh is that it gives a view of what’s happening in microservices setups. When it works together with tools such as Prometheus for gathering metrics and Jaeger for tracing, service meshes let you dig into how services are doing. These tools help teams keep an eye on things, like request times, errors and how traffic flows, making it easier to spot and fix problems quickly.

The data the service mesh collects from the control plane helps make sure the system runs smoothly and stays reliable.

Efficient Traffic Management and Routing.

Service meshes provide traffic management functionalities that enhance the efficiency and dependability of microservices. Advanced routing options, like dividing traffic, enable teams to direct a segment of the traffic to service versions for testing or gradual implementation. This feature is crucial for deployment and canary releases.

Furthermore, service meshes deliver load-balancing capabilities by distributing incoming requests among service instances to avoid overload and guarantee consistent availability. These traffic management capabilities contribute to ensuring a responsive user interaction.

Streamlined Operations and Reduced Complexity.

By separating network management duties from the application code, a service mesh makes it easier for developers and operations teams to handle tasks efficiently. Developers can concentrate on creating business logic without the need to deal with integrating service discovery, load balancing or security protocols into their applications. Operations teams can take advantage of the management of policies and configurations provided by the service mesh’s control plane. This simplified method helps reduce the intricacy of managing microservices and enhances effectiveness.

Key Considerations for Adopting a Service Mesh.

Integration with Existing Infrastructure.

When you decide to implement a service mesh, it’s critical to make sure that it fits well with your setup. A service mesh should work smoothly with the tools, platforms and processes you already have in place to ensure a smooth transition.

Check if the service mesh can easily collaborate with your container orchestration platform (for example, Kubernetes), your CI/CD pipelines and monitoring solutions. An integrated service mesh helps reduce interruptions and makes the most of the infrastructure and tools you already use.

When selecting a service mesh, it’s significant to consider scalability. Make sure that the service mesh is capable of accommodating the size of your microservices setup and can adapt as your application grows. Assess how the service mesh affects your system’s performance and the load added by sidecar proxies. A scalable service mesh should deliver performance and minimal delays when adding more services and incurring higher traffic levels.

Choosing the Right Service Mesh Solution.

When choosing the best service mesh solution, it’s significant to take into account the various aspects of the service mesh, such as its feature set, user-friendliness, community backing and vendor support. Assess your organization’s requirements.

Compare the capabilities of different service mesh solutions. Some options are Istio, Linkerd, HashiCorp’s Consul and AWS App Mesh. Remember to factor in elements such as community assistance levels, documentation quality and the presence of functions for enterprises when finalizing your choice.

Istio is a widely adopted open source service mesh that provides a comprehensive set of attributes for traffic management, security and observability. It uses Envoy as the data plane management technology and offers robust policy enforcement, telemetry collection and load-balancing capabilities. Istio’s control plane manages configurations and policies, ensuring consistent and secure communication between services.

Linkerd is another popular open source service mesh designed for simplicity and performance. Initially developed by Buoyant, Linkerd focuses on providing lightweight, high-performance service mesh capabilities. It is particularly well-suited for Kubernetes environments and offers aspects such as service discovery, load balancing, and observability through integrated tools.

Consul, developed by HashiCorp, is a service mesh solution that emphasizes service discovery and secure service-to-service communication. It provides a powerful control plane for managing service configurations and policies, with built-in support for service discovery, health checking and distributed key-value storage. Consul integrates well with various platforms and can be used in both cloud native and traditional environments.

AWS App Mesh is a managed service mesh offering from Amazon Web Services (AWS) that simplifies the process of managing microservices on AWS. It integrates seamlessly with other AWS services and provides attributes such as traffic management, security, and observability. AWS App Mesh uses Envoy as its data plane management technology and offers a fully managed control plane, making it an attractive option for organizations using AWS infrastructure.

Increasing Adoption in Enterprise Environments.

Service meshes are gaining traction in enterprise environments due to their ability to simplify microservices management and enhance security. As more organizations transition to microservices architectures, the adoption of service meshes is expected to grow, driven by the need for robust traffic management, observability and security capabilities.

Evolution of Security and Observability elements.

The future of service meshes will likely see continued enhancements in security and observability functions. Integration with advanced security protocols, automated policy enforcement, and improved telemetry collection will help organizations maintain high levels of security and performance. The development of new observability tools and techniques will further enhance the ability to monitor and manage complex microservices environments.

Integration with AI and Machine Learning for Enhanced Capabilities.

AI and machine learning are poised to play a significant role in the evolution of service meshes. By leveraging AI and machine learning, service meshes can offer more intelligent traffic management, anomaly detection and predictive analytics. These advanced capabilities will enable organizations to proactively address performance issues, optimize resource utilization and improve overall system reliability.

Learn More About Service Mesh at The New Stack.

At The New Stack, we are dedicated to keeping you informed about the latest developments and best practices in service mesh technology. Our platform provides in-depth articles, tutorials, and case studies covering various aspects of service mesh, including tool reviews, implementation strategies and industry trends.

We feature insights from industry experts who share their experiences and knowledge about service mesh. Learn from real-world implementations and gain valuable tips on overcoming common challenges and achieving successful outcomes.

Stay updated with the latest news and developments in service mesh by regularly visiting our website. Our content helps you stay ahead of the curve, ensuring you have access to the most current information and resources. Join our community of developers, DevOps professionals, and IT leaders passionate about service mesh technology, and leverage our comprehensive resources to enhance your practices. Visit us at The New Stack at [website] for the latest updates and to explore our extensive collection of service mesh content.

Large Language Model (LLM)-based Generative AI services such as OpenAI or Google Gemini are enhanced at some tasks more so than others, advised Wei-Meng......

Tomasz Jakut reflects on the evolution of web design, recalling the days when tabl......

In this article, we will be implementing the MediatR and CQRS (Command Query Responsibility Segregation) pattern in our [website] Web API ......

Spring News Roundup: Milestone Releases of Boot, Security, Auth Server, Integration, AI and AMQP

There was a flurry of activity in the Spring ecosystem during the week of February 17th, 2025, highlighting milestone releases of: Spring Boot, Spring Security, Spring Authorization Server, Spring Integration, Spring AI and Spring AMQP.

Many of these releases are included in Spring Boot [website], [website] and [website].

The second milestone release of Spring Boot [website] delivers bug fixes, improvements in documentation, dependency upgrades and new elements such as: the ability to trigger a Quartz job on-demand via an actuator endpoint; and support for Prometheus Client by updating the PrometheusPushGatewayManager class. More details on this release may be found in the release notes.

Similarly, versions [website] and [website] of Spring Boot have been released (presented here and here, respectively) featuring bug fixes, improvements in documentation, dependency upgrades and the addition of TWENTY_FOUR to the JavaVersion enum class. Further details on these releases may be found in the release notes for version [website] and version [website].

The second milestone release of Spring Security [website] delivers bug fixes, dependency upgrades and new aspects such as: a new HttpStatusAccessDeniedHandler class that sets an HTTP status code as a response; and new interfaces, GenerateOneTimeTokenRequestResolver and ServerGenerateOneTimeTokenRequestResolver , strategies for resolving an instance of the GenerateOneTimeTokenRequest class from the Jakarta Servlet HttpServletRequest and a Spring Framework ServerWebExchange interfaces, respectively. More details on this release may be found in the release notes.

Similarly, versions [website] and [website] of Spring Security have also been released with bug fixes, dependency upgrades and new attributes: a refactor of the s101 Gradle task is now dependent upon the assemble task instead of the check task for improved stability; and the addition of the disableDefaultRegistrationPage boolean field to the WebAuthnDsl class to disable a default WebAuthn registration page. Further details on these releases may be found in the release notes for version [website] and version [website].

The first milestone release of Spring Authorization Server [website] ships with dependency upgrades and support for Internet Engineering Task Force (IETF) RFC 9449, OAuth [website] Demonstrating Proof of Possession (DPoP), a mechanism for "sender-constraining OAuth [website] tokens via a proof-of-possession mechanism on the application level." More details on this release may be found in the release notes.

Similarly, versions [website] and [website] of Spring Authorization Server have also been released with bug fixes, dependency upgrades and new elements in version [website] that include: the addition of the Java @Override annotation to the many OAuth2, OIDC and JWT-related classes; and a replacement of the deprecated fromHttpUrl() method, defined in the Spring Framework UriComponentsBuilder class, with the preferred fromUriString() method in the AuthorizationServerContextFilter class. Further details on these releases may be found in the release notes for version [website] and version [website].

The release of Spring for GraphQL [website] ships with bug fixes, improvements in documentation, dependency upgrades and new attributes such as: implementations of the Spring Framework WebSocketHandler interface now log unhandled errors; and the authorization key lookup in the BearerTokenAuthenticationExtractor class should be case insensitive. More details on this release may be found in the release notes.

Versions [website] and [website] of Spring Session have been released featuring notable dependency upgrades such as: Spring Boot [website], Spring Framework [website] and Project Reactor [website] Further details on these releases may be found in the release notes for version [website] and version [website].

The second milestone release of Spring Integration [website] delivers bug fixes, dependency upgrades and new elements that include: an instance of the StreamTransformer class must remove a CLOSEABLE_RESOURCE header, defined in the IntegrationMessageHeaderAccessor class, from the output message once the resource has been closed; and inbound channel adapters for Apache Kafka now generate ID and TIMESTAMP headers, defined in the Spring Framework MessageHeaders class, by default for consistency with the rest of similar channel adapters in Spring Integration. More details on this release may be found in the release notes.

Similarly, versions [website] and [website] of Spring Integration have been released featuring dependency upgrades and resolutions to notable issues such as: use of the taskScheduler() method, defined in the DelayerEndpointSpec class, that doesn't allow to specify a custom task scheduler; and an instance of the SftpInboundFileSynchronizer fails to synchronize files if the directory path is a symbolic link. Further details on this release may be found in the release notes for version [website] and version [website].

The sixth milestone release of Spring AI [website] focuses on a continued "review of the codebase from a design perspective." New attributes include: the ability to declaratively, programmatically and functionally define tools with new annotations, @Tool and @ToolParam , and new classes, MethodToolCallback and FunctionToolCallback ; integration of the new Model Context Protocol Java SDK; and enhancements to the Vector Store API. More details on this release, including breaking changes, may be found in the upgrade notes.

The first milestone release of Spring AMQP [website] delivers bug fixes, improvements in documentation, dependency upgrades and new aspects such as: a full null-safety migration using JSpecify and NullAway; and improvements to the AbstractMessageListenerContainer class that changes the getMessageAckListener() from protected to public (for consistency with the corresponding setMessageAckListener() method) and the addition of a missing getErrorHandler() method. Further details on this release may be found in the release notes.

Similarly, versions [website] and [website] of Spring AMQP have also been released providing bug fixes, dependency upgrades and a backport of the improvements to the aforementioned AbstractMessageListenerContainer class. More details on this release may be found in the release notes for version [website] and version [website].

Versions [website] and [website] of Spring for Apache Kafka have been released providing bug fixes, dependency upgrades and an optimization of the MessagingMessageListenerAdapter class that was returning null from the invoke() method defined in the DelegatingInvocableHandler class. Further details on these releases may be found in the release notes for version [website] and version [website].

Versions [website] and [website] of Spring for Apache Pulsar have been released featuring respective dependency upgrades to Spring Framework [website] and [website], Micrometer [website] and [website], Micrometer Tracing [website] and [website] and Project Reactor [website] and [website] More details on these releases may be found in the release notes for version [website] and version [website].

A little gem from Kevin Powell’s “HTML & of the Week” website, reminding us that using container queries opens up container query units for si......

L'ANSSI publie un état de la menace sur le cloud computing. Plusieurs enjeux sont évoqués et particulièrement : la protection face aux lois-extraterri......

So far, 2025 has been the year of AI agents — where generative AI technology is used to automate actions. We’ve seen OpenAI’s Operator debut, demonstr......

Simplify Your Compliance With Google Cloud Assured Workloads

To navigate the complex world of cloud compliance, Google Cloud provides a tool, Google Cloud Assured Workloads, that helps organizations create a secure and compliant environment to run their workloads in Google Cloud. It helps organizations enforce strict data residency controls that restrict the resources to run only in specific Google Cloud Regions.

Assured Workloads Monitoring and Auditing helps organizations identify compliance policy violations in the Google Cloud environment. Additionally, Assured Support gives organizations control over their support experience. Organizations can decide who can access their data and restrict support personnel’s data access based on their location.

Assured Workloads offers a comprehensive set of controls for your Google Cloud environment:

Regional controls . Enforce data residency and personnel controls.

. Enforce data residency and personnel controls. Sovereign controls . Enforce data sovereignty requirements by expanding regional controls with external key management or using a hardware security module with key access justifications.

. Enforce data sovereignty requirements by expanding regional controls with external key management or using a hardware security module with key access justifications. Regulated controls. Enforce specific regulatory regimes like CJIS, FedRAMP Moderate, FedRAMP High, Healthcare and Life Science Controls, Healthcare and Life Science Controls with US Support, Impact Level 2 (IL2), Impact Level 4 (IL4), Impact Level 5 (IL5), ITAR, Canada Regulatory Frameworks.

To create and manage Assured Workloads folders, ensure that the principal has the "Access Transparency Admin" and "Assured Workloads Administrator" IAM roles.

Even though it's not mandatory for creating Assured Workloads folders, it's recommended to enable "Google Cloud Support." To receive assistance from Google Cloud Support, we’ll need an Enhanced or Premium Support subscription.

The Assured Workloads folder is the folder you create in Assured Workloads where you can store your Google Cloud projects that need to adhere to specific compliance requirements. Search for "Assured Workloads" in the Google Cloud Console and select "Assured Workloads."

We can select either the Regional, Sovereign, or Regulatory controls for our folder. In this tutorial, as we will create a folder that is compliant with the Fedramp Moderate Controls, we will select "Regulatory Controls" → "Fedramp Moderate."

The dzone-tutorial Assured Workloads folder has been created.

Assured Workloads Monitoring provides ongoing security and compliance assurance for our Google Cloud environment. Assured Workloads Monitoring regularly scans our Google Cloud environment, compares it to our organization's compliance posture, and sends notifications to the Administrator if any policy violations are detected. This proactive approach helps us maintain a secure and compliant Google Cloud Environment.

In the below example, as an Assured Workloads Administrator, we can notice any unresolved organization compliance policy violations.

Assured Workloads Administrator can identify the resource violations if the Cloud resources are running in a non-compliant region or unsupported Google Cloud Service is used in the Assured Workloads folder, or when a Google Cloud resource is created without the Customer Managed Encryption for a service that requires Customer Managed Encryption.

Assured Workloads Audit Manager enables organizations to audit their Google Cloud resources against major compliance frameworks, including NIST 800-53, SOC2, PCI DSS, ISO, and Google's AI controls. Audit Manager helps Organizations identify policy violations for specific compliance controls across the compliance frameworks.

You should see the success message saying, "The resource is successfully enrolled."

You have successfully enrolled for audits using Audit Manager.

You will see all the policy violations identified for the compliance framework on which we ran the audit.

Google Cloud Assured Workloads empowers organizations to take control of their cloud compliance. This blog walks you through how to establish secure, regulated environments by creating Assured Workloads folders tailored to meet specific compliance requirements.

You have successfully learned how to enforce data residency and sovereignty controls, ensuring your data stays where it should. The blog highlighted the ongoing assurance provided by Assured Workloads Monitoring, which proactively flags any policy violations.

Finally, we reviewed how Audit Manager simplifies compliance audits against major frameworks, offering evidence of your adherence to compliance controls. Essentially, this guide equips you with the tools to build and maintain a compliant Google Cloud environment.

A little gem from Kevin Powell’s “HTML & of the Week” website, reminding us that using container queries opens up container query units for si......

Large Language Model (LLM)-based Generative AI services such as OpenAI or Google Gemini are more effective at some tasks more so than others, advised Wei-Meng......

Ubuntu est supporté par le sous-système Linux de Windows, ou WSL. Pour aller plus loin, Ubuntu annonce le support d'un nouveau modèle de distribution ......