RepoJournal
Spring

@spring-projects

Spring Framework, Spring Boot, and the JVM enterprise layer

Pick a date

The Wire · Showcase

SPRING INTEGRATION FIXES CRITICAL LOCK REGISTRY BUG BLOCKING DISTRIBUTED SYSTEMS

By RepoJournal · Filed · About Spring

dependabot artembilan Oliver Drotbohm
3 people shipped this

Spring Integration shipped an emergency fix for JdbcLockRegistry that was causing false application hangs when different keys collided on shared locks.

The Spring Integration team resolved a critical caching logic flaw in JdbcLockRegistry [1] that made the previous lock-sharing approach from DefaultLockRegistry dangerous in production. Different cache keys were colliding on the same ReentrantLock, causing unrelated operations to block each other unnecessarily. This is the fix you've been waiting for if you're running distributed Spring Integration pipelines with JDBC-backed locking. A follow-up improvement [2] landed simultaneously to handle edge cases when cache capacity shrinks, ensuring already-held locks aren't evicted mid-operation. Across the broader portfolio, Spring AMQP and Spring HATEOAS cut through routine dependency updates [3] [4] [5] [6] [7], with Jackson bumped to 2.21.5 and 3.1.5, Log4j patched to 2.25.5, and Logback fixed for Throwable whitelist handling [8]. Nothing breaking in the batch, but the Integration fix demands immediate attention if you're using JDBC locks in a clustered environment.

Action items

References

  1. [1] GH-11157: Fix caching logic in the `JdbcLockRegistry` ↗ spring-projects/spring-integration
  2. [2] Adjust cache capacity in the `JdbcLockRegistry` ↗ spring-projects/spring-integration
  3. [3] Bump org.apache.logging.log4j:log4j-bom from 2.25.4 to 2.25.5 ↗ spring-projects/spring-amqp
  4. [4] Bump com.fasterxml.jackson:jackson-bom from 2.21.4 to 2.21.5 ↗ spring-projects/spring-amqp
  5. [5] Bump tools.jackson:jackson-bom from 3.1.4 to 3.1.5 ↗ spring-projects/spring-amqp
  6. [6] Bump ch.qos.logback:logback-classic from 1.5.37 to 1.5.38 ↗ spring-projects/spring-amqp
  7. [7] Bump org.hibernate.validator:hibernate-validator from 9.1.1.Final to 9.1.2.Final in the development-dependencies group ↗ spring-projects/spring-amqp
  8. [8] GH-2533 - Ensure Kotlin 2.2 compatibility. spring-projects/spring-hateoas

More from @spring-projects

Daily updates, in your inbox

Follow Spring

Spring Framework, Spring Boot, and the JVM enterprise layer We'll email you a link to confirm first.

Free. Confirm via email. Unsubscribe in one click.

— or follow the whole beat:

Elsewhere on the wire