On behalf of the team, I am pleased to announce that Spring Framework 5.2.23.RELEASE is available now. This release has been requested by Spring Framework commercial support customers and is available on Maven Central.

Spring Framework 5.2.23.RELEASE ships with 3 fixes, including a fix for the following CVE:

• cve-2023-20861: Spring Expression DoS Vulnerability.
• 5.2.22.RELEASE was not vulnerable to cve-2023-20860, so no fix was required.

This version will not be shipped with a Spring Boot release as 2.3.x is out of commercial support. You can manually upgrade Spring Framework in your Spring Boot Maven or Gradle builds. Upgrading to a supported Spring Boot version is…

On behalf of the team, I’m pleased to announce the availability of the 3rd Milestone of the Spring Data 2023.0 release train as well as service releaes 2022.0.4 & 2021.2.10. These releases ship with improvements, including fixes for regressions.

The upcoming Spring Boot 3.0.5 and 2.7.10 releases are going to pick up the service releases for your convenience.

New features included in 2023.0.0 Milestone 3 are amongst others:

• A new scroll API to support offset and key based pagination
• Improvements in JPA query parsing for HQL and JPQL
• Support for MongoDB's explicit field level encryption
• Aggregate reference request parameters in Data REST
…

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Vault 3.0.2 and 2.3.3 versions are available now.

Spring Vault 3.0.2 ships with 7 fixes and documentation improvements Spring Vault 2.3.3 ships with 13 fixes and selected improvements.

Those versions fix the following CVE:

CVE-2023-20859: Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens

Those versions will be shipped with Spring Cloud in the next days. Until then, please override the dependency version in your project.

For Gradle builds in build.gradle:

…

Dear Spring Community,

I am happy to announce the 4.18.0 release of the Spring Tools 4 for Eclipse, Visual Studio Code, and Theia.

updates to the Spring Tools 4 for Eclipse distribution

• updated to Eclipse 2023-03 release (new and noteworthy)

important highlights

• (Spring Boot): new and vastly improved content-assist for Spring Data repository query methods (thanks to contributions from @danthe1st)
• (Spring Boot): the additional reconciling of Spring Boot projects to show Spring specific validations, outdated versions and more, now reports progress, runs faster, and uses less memory - please consider using this and tell us about your experiences and if you hit issues while having this feature enabled
• (VSCode): fixed an extremely annoying issue that caused regular Java content-assist in VSCode to stop working after a short while
• (Eclipse): a bug in m2e got fixed and is included in this release, which caused resource files (e.g. application.properties) to not be copied into the target folder anymore. This works again and automatically copies your changed application.properties…

On behalf of the team and everyone who has contributed, we are very excited to announce the 2.10.2 release of Spring Cloud Data Flow is now available from Maven Central. Release Notes

Spring updates

Updates to the following versions:

• Spring Boot 2.7.9

Stay in touch...

Project Page Data Flow Mini-site

As always, we welcome feedback and contributions, so please reach out to us on Stackoverflow or GitHub.

I am excited to announce the availability of Spring Modulith 0.5. The most relevant features the release ships are:

• #152 – A dedicated starter to ease inclusion of actuator and observability features
• #163 – The renamed property to trigger JDBC database initialization. (spring.modulith.events.schema-initialization.enabled -> spring.modulith.events.jdbc-schema-initialization.enabled)
• #149 – Default to await termination of task executors unless configured not to
• #150 – Scenario should run stimulus in new transaction
• #162, #154 – The usual dependency upgrades (Spring Boot 3.0.4, jMolecules 2022.2.4)
…

On behalf of the team, I’m pleased to announce the availability of Spring Data 2022.0.3 and 2021.2.9 service releases. These releases ship with improvements, including fixes for regressions. Some of them were important enough that we decided to release this version early, outside of the usual schedule.

The upcoming Spring Boot 3.0.4 release is going to pick up Spring Data 2022.0.3 for your convenience. If you want to upgrade your Spring Boot 2.7.x application to use Spring Data 2021.2.9, then use the version property mechanism to specify the Spring Data BOM version:

Maven POM:

<properties…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.4 has been released and is now available from Maven Central.

The release was earlier than originally scheduled because of a regression found in Spring Framework and it includes 19 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.0.6 is available now.

Spring Framework 6.0.6 ships with 35 fixes and documentation improvements, including 7 fixes for regressions. Some of them were important enough that we decided to release this version early, outside of the usual schedule.

This version will be shipped with Spring Boot 3.0.4, to be released tomorrow. Spring Framework 6.0.7 and 5.3.26 will be released in two weeks as planned initially.

Project Page | GitHub | Issues | Documentation