Spring Authorization Server moving to Spring Security 7.0

Engineering | Joe Grandja | September 11, 2025 | ...

Spring Authorization Server has come a long way since 1.0 was officially released in November 2022. Starting as a project separate from Spring Security, has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers.

It has reached that point of maturity and stability and we believe the time is now to move it to Spring Security 7.0.

The main benefit this will provide our users is a streamlined developer experience. Whether you are working with OAuth2 Client or OAuth2 Authorization Server, you won’t need to switch between projects any longer as the source, javadoc and reference documentation will live in Spring Security. Furthermore, issues and pull requests will be solely managed…

Spring Framework 7.0.0-M9 available now

Releases | Brian Clozel | September 11, 2025 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce our last milestone for Spring Framework 7.0. This is our last stop before the release candidate, scheduled next month. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

Resiliency refinements

The new Resiliency feature got a lot of fixes and refinements in this milestone, mostly around RetryException and exception handling. There is a new "programmatic support" section in the reference documentation, in case the annotation-based…

Spring Framework 6.2.11 Available Now

Releases | Brian Clozel | September 11, 2025 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.11 is available now.

Spring Framework 6.2.11 ships with 23 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.10 and 3.5.6.

CVE-2025-41249

This release addresses CVE-2025-41249 for "Spring Framework Annotation Detection Vulnerability", which was published in conjunction with CVE-2025-41248 for "Spring Security authorization bypass for method security annotations on parameterized types". See Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249

Spring gRPC 0.11.0 available now

Releases | Dave Syer | September 10, 2025 | ...

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring gRPC 0.11.0 has been released and is now available from Maven Central. We are still planning to have a 1.0.0 release around the same time as Spring Boot 4.0.0.

The main changes in this release are bug fixes for 0.10.0. There is a small API change in the custom security adapter that extracts authentication data from an incoming request on the server. All users should upgrade as soon as possible.

How can you help?

If you're interested in helping out, check out the open issues. If you have general questions, please ask on Stack Overflow using the spring-grpc tag

Spring Tools 4.32.0 released

Releases | Martin Lippert | September 10, 2025 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce the 4.32.0 release of the Spring Tools for Visual Studio Code, Eclipse and Theia.

This is a maintenance release that includes bugfixes and the update to the Eclipse 2025-09 release for the Spring Tools for Eclipse distribution. At the moment, there are no further maintenance releases planned for the Spring Tools 4.x line.

Detailed changes can be found in the release notes: https://github.com/spring-projects/spring-tools/releases/tag/4.32.0.RELEASE

downloads

To download the distribution for Eclipse and find links…

Access API Moves to Spring Security Access

Engineering | Josh Cummings | September 09, 2025 | ...

Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication.

This also deprecated the majority of the Access API. The Access API comprises the family of components in the Spring Security access packages; for example, AccessDecisionManager, AccessDecisionVoter, and FilterSecurityInterceptor. It also includes @EnableGlobalMethodSecurity and other related configuration components.

The numerous benefits to this evolution are detailed on Spring Security's reference guide. It also includes a number of migration hints

Core Spring Resilience Features: @ConcurrencyLimit, @Retryable, and RetryTemplate

Engineering | Sam Brannen | September 09, 2025 | ...

This is the first blog post in the Road to GA series, highlighting major features within the Spring portfolio for the next major versions to be released in November of this year.

Today we are proud to announce the new resilience features coming in Spring Framework 7.0: concurrency throttling and retry support.

Concurrency Throttling

For certain tasks and resources it may be desirable to limit the level of concurrency. Concurrency throttling effectively protects the target resource from being accessed from too many threads at the same time, similar to the effect of a pool size limit for a…

Spring AI 1.1.0-M1 Available Now

Releases | Mark Pollack | September 09, 2025 | ...

On behalf of the Spring AI engineering team and everyone who has contributed, I'm happy to announce that Spring AI 1.1.0-M1 has been released and is now available from Maven Central.

This milestone release delivers important stability improvements and bug fixes.

Release Summary

This release includes 391 improvements, bug fixes, and documentation updates. The focus of this milestone release is on:

  • Improvements: 271 enhancements to expand capabilities and functionality
  • Stability: 76 bug fixes addressing community-reported issues
  • Documentation: 32 improvements to help developers
  • Security: 12 dependency upgrades for enhanced security

This Week in Spring - September 9th, 2025

Engineering | Josh Long | September 09, 2025 | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it.

  • Some of the amazing features that were in Spring Retry and Spring Cloud have now been refined, enhanced, augmented, and put into the core Spring Framework. Meet the new resilience features - @ConcurrencyLimit, @Retryable, and RetryTemplate - in Spring Framework!
  • the new Spring AI 1.1.0-M1 is now available! Huzzah! This release features significantly improved MCP SDK upgrades, including a streamable HTTP transport, HttpClient/WebClient support, transport context APIs, enhanced resource template filtering, and MCP-compliant protocol version headers. It also features the new MCP annotation component model support. And, obviously, there are integrations and…

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all