I am pleased to announce that Spring for GraphQL 1.4.2 is now available on Maven Central. This release closes 10 issues.

This version will ship with Spring Boot 3.5.6, to be released this week.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | Stack Overflow

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.2.10 and 2.0.0-M3 have been released and are now available from Maven Central.

The 1.2.10 release will be included in the upcoming Spring Boot 3.4.10 and 3.5.6 releases. The 2.0.0-M3 release will be included in the upcoming Spring Boot 4.0.0-M3 release.

Please see the release notes (1.2.10 and 2.0.0-M3) for more details.

On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.4.10 and 6.5.4.

Spring Security 6.4.10 ships with 4 fixes and several dependency upgrades. This version will be shipped this week with Spring Boot 3.4.10.

Spring Security 6.5.4 ships with 4 fixes and several dependency upgrades. This version will be shipped this week with Spring Boot 3.5.6.

These two releases also address CVE-2025-41248, which was announced in conjunction with CVE-2025-41249.

See Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249 for further…

The Spring Security and Spring Framework teams have collaborated to release fixes for the following CVEs.

• CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types
• CVE-2025-41249: Spring Framework Annotation Detection Vulnerability

Both of these CVE reports pertain to vulnerabilities that may be encountered when using security annotations on methods within type hierarchies with a parameterized super type with unbounded generics. See the individual CVE reports for further details.

CVE-2025-41248

The Spring Security 6.4.10 and 6.5.4 open source releases address CVE-2025-41248…

On behalf of the team and everyone who contributed, I am pleased to announce the fifth Milstone for 4.0.0 of Spring AMQP.

The patch versions 3.2.7 also has been released with bug fixes and dependency upgrades.

The most notable change in this milestone is a breaking migration from Spring Retry API to the one provided now in the Spring Framework Core.

See the Release Notes and What's New for more information.

This is the last milestone before Release Candidate in October, so don't hesitate to reach us out in GitHub issues with any feddback!

Cheers, 
Artem

Project Page | GitHub Issues | Contributing | …

On behalf of the community, I am pleased to announce that the Milestone 2 (M2) of the Spring Cloud 2025.1 (aka Oakwood) Release Train is available today. The release can be found in Maven Central. You can check out the 2025.1 release notes for more information.

Notable Changes in the 2025.1.0-M2 Release

Spring Cloud 2025.0.0-M2 depends on Spring Boot 4.0.0-M2. See all issues and pull requests that are part of the release here.

The following modules were updated as part of 2025.0.0-M1:

On behalf of the team and everyone who has contributed, I’m pleased to announce the availability of 2025.0.4 and 2024.1.10 service releases. These releases ship with dependency upgrades, fixes for regressions and selected improvements.

The upcoming Spring Boot releases will pick up the above releases by next week.

2025.0.4

• Spring Data Commons 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data JPA 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.5.4 - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.5.4 - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.5.4 - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data REST 4.5.4 - Javadoc - Documentation - Changelog
• Spring Data Redis 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data Elasticsearch 5.5.4 - Javadoc - Documentation - …

On behalf of the team and everyone who has contributed, I am pleased to announce the sixth and last milestone for the next Spring Data generation. This milestone continues delivering new features, refinements, and dependency upgrades.

Removed MongoDB UUID and BigDecimal Defaults

Spring Data MongoDB now aligns with the MongoDB Java Driver and no longer defaults to a representation for UUID values. Instead, you need to explicitly configure the desired representation through driver settings.

We're also no longer providing a default configuration value for BigInteger and resort the default for BigDecimal to Decimal128 in accordance with MongoDB's default codecs. This is a much safer approach that prevents you your application from accidentally switching representations when upgrading to the new major version. Please make sure to configure formats for big numbers through MongoCustomConversions…

On behalf of the team and everyone who has contributed, I am pleased to announce our last milestone for Spring Framework 7.0. This is our last stop before the release candidate, scheduled next month. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

Resiliency refinements

The new Resiliency feature got a lot of fixes and refinements in this milestone, mostly around RetryException and exception handling. There is a new "programmatic support" section in the reference documentation, in case the annotation-based…