On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.0-M3 has been released and is now available from https://repo.spring.io/milestone.

This release includes 74 bug fixes, documentation improvements, and dependency upgrades. Notable new features include:

• Auto-configuration for Micrometer Observation, Tracing, and OtlpMeterRegistry
• Reinstated Support for REST Assured and Pooled JMS

Please see the release notes for more details and upgrade instructions.

Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

A new round of releases for Spring Security is available now. The new releases fix a bug where the StrictHttpFirewall incorrectly rejects valid CJKV characters.

Please take a look at the release notes for more information.

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 6.0.0-M5 is available now.

This release includes dependency upgrades, bug fixes, and minor enhancements as well as a fix for a bug where the StrictHttpFirewall incorrectly rejects valid CJKV characters. The milestone contains a few noteworthy changes:

• Authorization on Every Dispatch Type

• Change the default of shouldFilterAllDispatchTypes to true

• Default to SecurityContextHolderFilter instead of SecurityContextPersistenceFilter

• Remove SAML Deprecations

See the release notes here and here for more…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Batch 4.3.6 has been released to Maven Central and that Spring Batch 5.0.0-M3 is now available from our milestone repository.

Spring Batch 4.3.6 is a patch release that comes with a number of bug fixes, enhancements, and dependency updates. For more details about the changes, see the change log.

This blog post is more about 5.0.0-M3, which comes with three major features:

• Native support improvements
• UTF-8 by default
• New Maven Bill of Materials

Moreover, this milestone release comes with a number of enhancements, bug fixes, and dependency updates. See the change log…

On behalf of the team, I’m please to announce the release of Spring Session 2021.2. This release upgrades to Spring Data 2021.2 and provides dependency upgrades, minor enhancements, bug fixes, and strategic changes to prepare Spring Session and it’s users for the next generation of Spring Session built on Spring Framework 6.

Project Site | Reference | Help

UPDATES

• [05-17] Due to a mixup CVE-2022-22975 should have been CVE-2022-22978. The blog has been updated to reflect this correction.

Spring Security 5.7.0 (release notes), 5.6.4 (release notes), 5.5.7 (release notes) have been released which fix

• CVE-2022-22978

• CVE-2022-22976.

Please update as soon as possible.

Project Site | Reference | Help

On behalf of the Data Team and everyone who contributed, I'm pleased to announce the GA release of the 2021.2 release train as well as the 4th Milestone of the 2022.0 one.

Already working on the 2022.0 train, based on Spring Framework 6, Java17 and Jakarta EE 9, the 2021.2 release ships bug fixes and selected back ported features.

Other than dependency upgrades, these are some of the major changes:

• Infrastructure to introspect a projection type.
• Common infrastructure for property-specific value converters.
• Improved support for IdClass handling in data-jpa.
• Declarative Update methods in data-mongodb.
• Reindexing support in data-elasticsearch.
• Direct projections for data-cassandra.
• ACL support for Redis Sentinels.
• Lock and Null precedence support for JDBC.
• Query Rewriter for JPA.
…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.0.0-M4 is available now.

Spring Framework 6.0.0-M4 ships with all the fixes from 5.3.20 released yesterday, and also includes 39 fixes and improvements specific to the 6.0 branch.

Project Page | GitHub | Issues | Documentation

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 5.3.20 and 5.2.22 are available now.

Spring Framework 5.3.20 includes 14 fixes and improvements. Spring Framework 5.2.22 includes 2 backports.

In addition, these releases include fixes for 2 vulnerabilities:

• CVE-2022-22970 "Spring Framework DoS via Data Binding to MultipartFile or Servlet Part" Denial of Service (DoS) attack in Spring MVC or Spring WebFlux applications that handle file uploads and rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. Severity: Medium

• CVE-2022-22971 "Spring Framework DoS with STOMP over WebSocket"
  Denial of service (DoS) attack by authenticated users in Spring applications with a STOMP over WebSocket endpoint. Severity: Medium

…