Build the apps that make the world run. Join us at SpringOne in San Francisco, Dec 6–8. >
close

Spring Data 2021.2.1 and 2021.1.5 released

On behalf of the team, I’m pleased to announce Spring Data service releases 2021.2.1 and 2021.1.5.
Both releases ship with a fix for mostly bug fixes and dependency upgrades.
For your convenience, Spring Boot 2.7.1 respective 2.6.9 are going to pick up these releases in the upcoming days.

In addition, these releases include fixes for one vulnerability:

  • CVE-2022-22980
    “Spring Data MongoDB SpEL Expression Injection Vulnerability”
    SpEL injection attack in MongoDB applications through repository query methods annotated with @Query or @Aggregation using parametrized SpEL statements with non-sanitized input.
    Severity: High

These new versions are recommended upgrades for all Spring Data production scenarios.

To round things off, here are the links to the individual modules, changelogs, and documentation:

2021.2.1

2021.1.5

comments powered by Disqus