Contact Us About Sponsorship

Questions about Micronaut Foundation sponsorship?

Please complete this form, and we’ll follow up with you shortly.

[hubspot type=form portal=4547412 id=a7b3ddfa-64b0-47fd-8358-45fa6a09456a]

Micronaut Framework 3.8.7 Released!

by Sergio Del Amo Caballero

The Micronaut Foundation is excited to announce the release of Micronaut framework 3.8.7!

This is a patch release, and it contains bug fixes. Moreover, Micronaut 3.8.7 includes patch releases of several modules – Micronaut Serialization, Micronaut CRaC, Micronaut Kafka, Micronaut AOT, and Micronaut GCP.

Moreover, update your application to version 3.7.4 of the Micronaut Gradle Plugins if you use Gradle.

SnakeYAML Upgrade

Micronaut Framework 3.8.7 updates to a major version of SnakeYAML – 2.0, which addresses CVE-2022-1471

Micronaut Framework is not affected by CVE-2022-1471. Micronaut Framework uses SnakeYAML only to load configuration in Micronaut applications. There is only one instance of SnakeYAML instantiation, which uses the Safe Constructor. Using SnakeYaml’s SafeConstructor is the recommended way to prevent CVE-2022-1471.

However, many organizations forbid their teams to use a framework that depends on a vulnerable dependency, even if it is unaffected. Because of that, we decided to update SnakeYAML to the next major version in a patch release of the framework. 

Next Steps

If you still need to update to Micronaut framework 3.8, this is an excellent opportunity to do it!

Please feel free to reach out to us if you need any assistance.