Dear Spring community,

I'm pleased to announce that the Spring Framework 4.1.7 and 3.2.14 maintenance releases are available now. Aside from fixing various minor issues across the framework, these releases also address an XML parsing vulnerability through disabling DTD processing by default when parsing untrusted XML input in Spring MVC endpoints.

Note that Spring Framework 3.2.x has its End-of-Life scheduled for December 31, 2016. Based on demand and vulnerability reports, further maintenance releases will be made available up until then. At the same time, we strongly recommend a migration to Spring Framework 4.1.7 or the upcoming 4.2 at this point; please plan accordingly!

Cheers, Juergen

P.S.: Stay tuned for Spring Framework 4.2 RC2, following right away!