On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.0.5 has been released and is now available from Maven Central.

This release includes 40 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Java 20 Support

Following the GA release of Java 20 earlier this week, Spring Boot 3.0.5 adds support for Java 20.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter…

Dear Spring community,

On behalf of the team, it is my pleasure to announce that Spring Integration 6.1.0-M2 is now available from Spring Milestone repository.

In addition bug fixes versions 5.5.17 and 6.0.4 have been released. They also include upgrades to the latest point versions of dependencies with their bug fixes.

The Spring Integration 6.1 version is a natural evolution of 6.x generation with fixes and improvements which didn't make it into 6.0. Plus we listen to community and make some possibly but convenient for target projects breaking changes.

Some highlights of this new version…

I'm pleased to announce that the Spring for GraphQL 1.0.4 and 1.1.3 maintenance versions are now available on Maven Central.

Spring for GraphQL 1.0.4 includes 6 fixes and documentation improvements. This version will be shipped with Spring Boot 2.7.10, to be released this Thursday.

Spring for GraphQL 1.1.3 includes 12 fixes and documentation improvements. This version will be shipped with Spring Boot 3.0.5, to be released this Thursday.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | …

On behalf of the team and everyone who has contributed, it is my pleasure to announce the general availability of Spring Authorization Server 1.1.0-M2.

The main feature delivered in this release is support for OAuth 2.0 Device Authorization Grant (gh-1106).

See the release notes for complete details.

To get started using Spring Authorization Server, see the Getting Started chapter of the reference documentation and the samples to become familiar with setup and configuration.

Project Page | GitHub Issues | ZenHub Board

I am pleased to announce the first milestone release of Spring for GraphQL 1.2.0 is now available from our Milestone repository. This version will be shipped with Spring Boot 3.1.0-M2 due for release this Thursday.

This first milestone raises the baseline to GraphQL Java 20.0 and we will align with the new GraphQL Java release policy in the future. We are also upgrading to the next generations of Spring Framework, Spring Data and Spring Security.

Pagination Support

When it comes to navigating large result sets with GraphQL, the Cursor Connection Specification is very popular. With the features…

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Framework 6.0.7 and 5.3.26 versions are available now.

Spring Framework 6.0.7 ships with 28 fixes and documentation improvements, including 2 fixes for regressions. Spring Framework 5.3.26 ships with 40 fixes and documentation improvements.

Those versions fix the following CVEs:

• cve-2023-20860: Security Bypass With Un-Prefixed Double Wildcard Pattern
• cve-2023-20861: Spring Expression DoS Vulnerability

Those versions will be shipped with Spring Boot 3.0.5 and 2.7.10, to be released Thursday. In…

On behalf of the team, I am pleased to announce that Spring Framework 5.2.23.RELEASE is available now. This release has been requested by Spring Framework commercial support customers and is available on Maven Central.

Spring Framework 5.2.23.RELEASE ships with 3 fixes, including a fix for the following CVE:

• cve-2023-20861: Spring Expression DoS Vulnerability.
• 5.2.22.RELEASE was not vulnerable to cve-2023-20860, so no fix was required.

This version will not be shipped with a Spring Boot release as 2.3.x is out of commercial support. You can manually upgrade Spring Framework in your Spring Boot Maven or Gradle builds. Upgrading to a supported Spring Boot version is…

On behalf of the team, I’m pleased to announce the availability of the 3rd Milestone of the Spring Data 2023.0 release train as well as service releaes 2022.0.4 & 2021.2.10. These releases ship with improvements, including fixes for regressions.

The upcoming Spring Boot 3.0.5 and 2.7.10 releases are going to pick up the service releases for your convenience.

New features included in 2023.0.0 Milestone 3 are amongst others:

• A new scroll API to support offset and key based pagination
• Improvements in JPA query parsing for HQL and JPQL
• Support for MongoDB's explicit field level encryption
• Aggregate reference request parameters in Data REST
…

On behalf of the team and everyone who has contributed, I am pleased to announce that the Spring Vault 3.0.2 and 2.3.3 versions are available now.

Spring Vault 3.0.2 ships with 7 fixes and documentation improvements Spring Vault 2.3.3 ships with 13 fixes and selected improvements.

Those versions fix the following CVE:

CVE-2023-20859: Insertion of Sensitive Information into Log Sourced from Failed Revocation of Tokens

Those versions will be shipped with Spring Cloud in the next days. Until then, please override the dependency version in your project.

For Gradle builds in build.gradle:

…