On behalf of the Spring AI engineering team and everyone who contributed to this release, I am very excited to announce the general availability of Spring AI 1.0. We have a great release blog lined up for you.

Getting Started

All the new bits are in maven central. Use the provided bom to import the dependencies.

<dependencyManagement>
    <dependencies>
        <dependency>
            <groupId>org.springframework.ai</groupId>
            <artifactId>spring-ai-bom</artifactId>
            <version>1.0.0</version>0
            <type>pom</type>
            <scope>import</scope…

On behalf of the team and everyone who has contributed, it is my pleasure to announce the release of Spring Authorization Server 1.5.

The 1.5 release contains a few noteworthy new features:

• Add support for OAuth 2.0 Pushed Authorization Requests (PAR) (gh-1925)
• Support OAuth 2.0 Demonstrating Proof of Possession (DPoP) (gh-1813)
• Support POST for authorization code request flow (gh-1874)

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | …

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this, I'm in sunny Stockholm, Sweden for the JForum #123 installment. This is, apparently, the first time the meetup is completely full up since before the pandemic, with more than 150 people in attendance! Tak, Stockholm!

Then, tomorrow, I'm off to beautiful Barcelona, Spain, for the amazing Spring I/O event. I'll be doing part of the keynote with Spring AI founder Dr. Mark Pollack; I'll be looking at Spring's rich integration with AOT and GraalVM with GraalVM founder Thomas Wuerthinger; and I'll be doing…

Your First Spring AI 1.0 Application

by Dr. Mark Pollack, Christian Tsolov, and Josh Long

Hi, Spring fans! Spring AI is live on the Spring Initializr and everywhere fine bytes might be had. Ask your doctor if AI is right for you! It's an amazing time to be a Java and Spring developer. There's never been a better time to be a Java and Spring developer, and this is doubly true in this unique AI moment. You see, 90% of what people talk about when they talk about AI engineering is just integration with models, most of which have HTTP APIs. And most of what these models take is just human-language Strings. This is integration code, and what place for these integrations to exist than hanging off the side of your Spring-based workloads? The same workloads who business logic drives your organizations and which guard data that feeds your…

On behalf of the team and everyone who has contributed, I am pleased to announce the general availability of Spring Session 3.5.0!

This release contains fixes, dependency updates, and enhancements to position the project for Spring Session 4.0.0 this fall.

Project Page | GitHub | Issues | Documentation

On behalf of the Spring for GraphQL team, I am pleased to announce the availability of 1.4.0, the generally available release.

In case you missed those, the 1.4.0-M1 and 1.4.0-RC1 release blog posts described the new features for this generation. The Spring for GraphQL 1.4.0 wiki page should help you to upgrade your application. We will keep updating this page with the feedback we get from the community on our issue tracker and on StackOverflow.

GraphQL Java 24+ baseline

The GraphQL Java team recently released new major releases for the Java DataLoader and GraphQL Java projects. They immediately supersede the 23.x generation so Spring for GraphQL 1.4 will require GraphQL Java 24+ as a baseline. This last-minute change shouldn't affect much your…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Web Services 4.1.0 has been released and is now available from Maven Central.

This release adds a number of new features and improvements. For full upgrade instructions and new and noteworthy features please see the release notes.

What's new in 4.1

The highlights of the 4.1 release include:

• Apache Axiom Support has been restored
• Support for WSS4J v4
• Support for Configuring Arbitrary WSS4J Options
• More Flexible HTTP Message Sender

Dependency upgrades

Spring Web Services 4.1 moves to new versions of several Spring projects and we’ve also upgraded to the latest stable releases of other third-party libraries wherever possible. Please see the release notes…

Last month, we explored how to secure Spring AI MCP Servers[1] with the OAuth2 authorization framework. In the conclusion of that article, we mentioned we'd explore using standalone Authorization Servers for MCP Security and deviate from the then-current specification.

Since we published the article, the community has been very active in revising the original version of the specification. The new draft is simpler, and the major change does match what we had imagined for security. MCP Servers are still OAuth2 Resource Servers, meaning they authorize incoming requests using access tokens passed…