The Spring Security and Spring Framework teams have collaborated to release fixes for the following CVEs.

• CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types
• CVE-2025-41249: Spring Framework Annotation Detection Vulnerability

Both of these CVE reports pertain to vulnerabilities that may be encountered when using security annotations on methods within type hierarchies with a parameterized super type with unbounded generics. See the individual CVE reports for further details.

CVE-2025-41248

The Spring Security 6.4.10 and 6.5.4 open source releases address CVE-2025-41248…

On behalf of the team and everyone who contributed, I am pleased to announce the fifth Milstone for 4.0.0 of Spring AMQP.

The patch versions 3.2.7 also has been released with bug fixes and dependency upgrades.

The most notable change in this milestone is a breaking migration from Spring Retry API to the one provided now in the Spring Framework Core.

See the Release Notes and [What's New][https://docs.spring.io/spring-amqp/reference/4.0/whats-new.html] for more information.

This is the last milestone before Release Candidate in October, so don't hesitate to reach us out in GitHub issues with…

On behalf of the community, I am pleased to announce that the Milestone 2 (M2) of the Spring Cloud 2025.1 (aka Oakwood) Release Train is available today. The release can be found in Maven Central. You can check out the 2025.1 release notes for more information.

Notable Changes in the 2025.1.0-M2 Release

Spring Cloud 2025.0.0-M2 depends on Spring Boot 4.0.0-M2. See all issues and pull requests that are part of the release here.

The following modules were updated as part of 2025.0.0-M1:

On behalf of the team and everyone who has contributed, I am pleased to announce the sixth and last milestone for the next Spring Data generation. This milestone continues delivering new features, refinements, and dependency upgrades.

Removed MongoDB UUID and BigDecimal Defaults

Spring Data MongoDB now aligns with the MongoDB Java Driver and no longer defaults to a representation for UUID values. Instead, you need to explicitly configure the desired representation through driver settings.

We're also no longer providing a default configuration value for BigInteger and resort the default for BigDecimal to Decimal128 in accordance with MongoDB's default codecs. This is a much safer approach that prevents you your application from accidentally switching representations when upgrading to the new major version. Please make sure to configure formats for big numbers through MongoCustomConversions…

On behalf of the team and everyone who has contributed, I’m pleased to announce the availability of 2025.0.4 and 2024.1.10 service releases. These releases ship with dependency upgrades, fixes for regressions and selected improvements.

The upcoming Spring Boot releases will pick up the above releases by next week.

2025.0.4

• Spring Data Commons 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data JPA 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data Neo4j 7.5.4 - Javadoc - Documentation - Changelog
• Spring Data for Apache Cassandra 4.5.4 - Javadoc - Documentation - Changelog
• Spring Data MongoDB 4.5.4 - Javadoc - Documentation - Changelog
• Spring Data KeyValue 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data LDAP 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data REST 4.5.4 - Javadoc - Documentation - Changelog
• Spring Data Redis 3.5.4 - Javadoc - Documentation - Changelog
• Spring Data Elasticsearch 5.5.4 - Javadoc - Documentation - …

On behalf of the team and everyone who has contributed, I am pleased to announce our last milestone for Spring Framework 7.0. This is our last stop before the release candidate, scheduled next month. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

Resiliency refinements

The new Resiliency feature got a lot of fixes and refinements in this milestone, mostly around RetryException and exception handling. There is a new "programmatic support" section in the reference documentation, in case the annotation-based…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.11 is available now.

Spring Framework 6.2.11 ships with 23 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.10 and 3.5.6.

Project Page | GitHub | Issues | Documentation

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring gRPC 0.11.0 has been released and is now available from Maven Central. We are still planning to have a 1.0.0 release around the same time as Spring Boot 4.0.0.

The main changes in this release are bug fixes for 0.10.0. There is a small API change in the custom security adapter that extracts authentication data from an incoming request on the server. All users should upgrade as soon as possible.

How can you help?

If you're interested in helping out, check out the open issues. If you have general questions, please ask on Stack Overflow using the spring-grpc tag…

On behalf of the team and everyone who has contributed, I am pleased to announce the 4.32.0 release of the Spring Tools for Visual Studio Code, Eclipse and Theia.

This is a maintenance release that includes bugfixes and the update to the Eclipse 2025-09 release for the Spring Tools for Eclipse distribution. At the moment, there are no further maintenance releases planned for the Spring Tools 4.x line.

Detailed changes can be found in the release notes: https://github.com/spring-projects/spring-tools/releases/tag/4.32.0.RELEASE

downloads

To download the distribution for Eclipse and find links…