Spring Boot 2.1.14 available now

Releases | Stéphane Nicoll | May 07, 2020 | ...

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 2.1.14 has been released and is now available from repo.spring.io and Maven Central.

This release includes 61 bug fixes, enhancements, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests.

Important Security Advisory

This version of Spring Boot includes a dependency upgrade to Spring Security 5.1.10.RELEASE. It contains fixes for CVE-2020-5407 and CVE-2020-5408, see also the official announcement.

How can you help?

If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag or chat with the community on Gitter

Spring Security 5.3.2, 5.2.4, 5.1.10, 5.0.16, 4.2.16 Released

Releases | Rob Winch | May 07, 2020 | ...

UPDATE 2020-05-13: The following versions of Spring Security address CVE-2020-5407 and CVE-2020-5408

On behalf of the community, I’m pleased to announce the release of Spring Security 5.3.2 (release notes), 5.2.4 (release notes), 5.1.10 (release notes) , 5.0.16 (release notes), 4.2.16 (release notes). These releases deliver bug fixes along with some minor improvements. Users are encouraged to update to the latest patch release.

Project Site | Reference | Help

End-of-Life for Spring Security OAuth

Engineering | Joe Grandja | May 07, 2020 | ...

In January 2018, we announced that the Spring Security OAuth (legacy) project is officially in maintenance mode. Later in November of 2019, we provided an update in the Spring Security OAuth 2.0 Roadmap, stating that the 2.3.x line will reach end-of-life in March 2020.

The currently supported version branches are 2.4.x and 2.5.x, with the 2.5.0 release scheduled for May 2020, which will be the final minor release.

To that end, the plan is to provide patch and security fixes for the 2.4.x and 2.5.x line until May 2021. Additionally, security fixes will be supported for the 2.5.x line until May 2022, at which point the project will have reached end-of-life. The same end-of-life timeline applies to the Spring Boot 2 auto-configuration project

Spring Tips: Season 7 Recap

Engineering | Josh Long | May 06, 2020 | ...

Hi, Spring fans! Welcome to the recap installment for the seventh season of Spring Tips! I can't believe we're already on season seven! In October of 2020, it'll be 4 straight years of doing these videos. Hopefully, they're helping.

Every season consists of 11 episodes and one recap blog post. Sometimes, I'll do an occasional extra episode or I'll do an episode during the interregnum between seasons as the situations sometimes demand. But, for now, I'm done for a little while - not as long as last time, for sure! But a little while. I need time to gather my resources, prepare new content, finish the Reactive Spring book, and…

This Week in Spring - May 5th, 2020

Engineering | Josh Long | May 05, 2020 | ...

Spring Cloud Function Native Images

Engineering | Dave Syer | May 04, 2020 | ...

Here's the latest graph of memory versus billing for Spring Cloud Function on AWS Lambda. It shows the billing metric GBsec as a function of memory allocation in Lambda for two custom runtimes, one in plain Java and one using a GraalVM native image, as described recently in this blog by Andy Clement:


In both cases the functionality is identical (a simple POJO-POJO function), and they both show only the results for cold start. Warm starts, where the function was already active when the request came in, were much faster and cheaper (except for the smallest memory setting they all cost the same…

Spring Boot 2.3.0.RC1 available now

Releases | Phil Webb | May 01, 2020 | ...

On behalf of the team and everyone that contributed, I am pleased to announce that the first release candidate of Spring Boot 2.3 is available now from our milestone repository.

This release closes over 70 issues and pull requests. Thanks to all those who have contributed.

Highlights of this milestone include:

  • Auto-configuration of a Wavefront sender bean.
  • Easier configuration of the data/time converts used by web applications.
  • Automatic creation of the developmentOnly configuration in Gradle.
  • Java buildpack support from the newly created Paketo project.

For a complete list of changes and upgrade instructions, please see the Spring Boot 2.3 Release Notes on the wiki and the updated reference documentation

Spring for Apache Kafka 2.5.0 Release Candidate

Releases | Gary Russell | April 30, 2020 | ...

The 2.5.0.RC1 release candidate is now avaialable in the Spring milestone repo.

Update: 2.5.0.RELEASE was released on May 13th.


  • kafka-clients 2.5.0 (alignment of version numbers is coincidental).

  • Support for re-committing retryable offset commit exceptions for retained partitions when using cooperative rebalancing.

  • Support for the new "fetch-offset-request" procuder fencing (when brokers are 2.5 or higher), requiring fewer producers.

  • Support for static group membership.

  • More integration with Micrometer.

  • Optional Delivery Attempts header.

  • RecoveringBatchErrorHandler can commit a partial batch and replay from failed record in a batch (with cooperation of the listener); this is now the default for a batch listener.

Get the Spring newsletter

Thank you!

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Spring Runtime offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all