This Week in Spring - April 22nd, 2025

Engineering | Josh Long | April 22, 2025 | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring, which I'm writing from magnificent Minneapolis, Minnesota, where I'm recording an amazing Frontend Masters course introducing Spring Boot.

Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, 6.4.5 Released, includes fix for CVE-2025-22234

Releases | Joe Grandja | April 22, 2025 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Security 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, and 6.4.5 are available now which fix CVE-2025-22234.

Please refer to the releases page for more details.

Commercial customers using Spring Boot 2.7, 3.0, 3.1, or 3.2 will be able to update to Spring Boot 2.7.24.2, 3.0.19.2, 3.1.15.2, or 3.2.13.2 respectively to receive the corresponding Security releases 5.7.17, 6.0.17, 6.1.15, and 6.2.11. These Security versions are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription

Spring Cloud Data Flow End of Open-Source

News | Michael Minella | April 21, 2025 | ...

Spring Cloud Data Flow End of Open-Source

TL;DR; Today we're announcing that going forward we will not be maintaining Spring Cloud Data Flow, Spring Cloud Deployer, or Spring Statemachine as open-source projects. Spring Cloud Data Flow 2.11.x, Spring Cloud Deployer 2.9.x, and Spring Statemachine 4.0.x will be the last open-source lines and any future releases will only be made available to Tanzu Spring customers. This change has no impact on the rest of the open-source Spring portfolio or the support obligations of the currently available OSS versions for existing users.


Spring Cloud Data…

Spring Security 6.5.0-RC1 Is Out!

Releases | Josh Cummings | April 21, 2025 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce the release candidate milestone for the final Spring Security 6 minor release.

Among a number of feature enhancements, there are some that we'd love your attention on as we prepare them for general availability:

Core

  • Complete Deprecation of ConfigAttribute, SecurityConfig, and other Access API components.

Specifically, please speak up if you are using any of the ACL Access components that were deprecated.

OAuth 2.0

SAML 2.0

  • Simplified SAML 2.0 Response validation (docs), Assertion validation (docs), and Authentication conversion (docs)
  • A RelayState-based Authentication Request Repository - #14793

Spring for GraphQL 1.4 RC1 Released

Releases | Brian Clozel | April 17, 2025 | ...

On behalf of the Spring for GraphQL team, I am pleased to announce the availability of 1.4.0-RC1, our last stop before the generally available release. In case you missed it, 1.4.0-M1 already shipped lots of new features and improvements.

You can read the full changelog for 1.4.0-RC1 and the upgrade notes on our wiki.

DataLoader observations

The Spring for GraphQL instrumentation creates Micrometer Observations for GraphQL requests and DataFetcher operations. Some data fetching operations are relying on batch loading calls to avoid the "N+1 problem". In previous generations, one would not see the difference between a "full" data fetching operation and one that simply delegates to DataLoader

Spring Framework 7.0.0-M4 Available Now

Releases | Brian Clozel | April 17, 2025 | ...

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. The fourth milestone continues delivering new features and refinements on top of 7.0.0-M1, 7.0.0-M2 and 7.0.0-M3.

Class-File API usage for Java 24+ apps

Spring Framework reads class bytecode to collect metadata about the application code. Historically we have used a slim ASM fork for this purpose, through the MetadataReaderFactory and MetadataReader types in the org.springframework.core.type.classreading package. Although Spring applications typically have no direct exposure to this API, this is especially useful when parsing @Configuration

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all