Spring Integration 7.0 Milestone 3 Available

Releases | Artem Bilan | September 17, 2025 | ...

On behalf of the team and everyone who contributed, I am pleased to announce the Third Milestone of Spring Integration 7.0.0 generation. For convenience, the 7.0.0-M3 artifacts are also available in Maven Central.

In addition, the 6.5.2 and 6.4.7 versions with bug fixes and dependency upgrades have been released.

Some notable changes in 7.0.0-M3 are:

  • JUnit 6 upgrade;
  • The Nullability via JSpecify and Nullaway is applied to every single package in the project;
  • The AbstractPersistentAcceptOnceFileListFilter implementations now deal with full remote file to avoid conflict with the same file name in different directories;
  • The AbstractInboundFileSynchronizer now caches the Session.list() result (after filtering) between polls when maxFetchSize is limited;
  • The Spring Retry dependnecy has been removed and its API has been replaced with similar one in the Spring Framework Core;
  • All the available major/minor dependency upgrades.

This Week in Spring - September 16th, 2025

Engineering | Josh Long | September 16, 2025 | ...

Hi, Spring fans! Welcome to another extra special installment of This Week in Spring, wherein we celebrate a very auspicious day indeed: the release of Java 25 and GraalVM 25! That's right: an incredible new iteration of the JVM has just dropped and with it come a ton of features! Let's go through some of my favorites.

One nicety is the new Module import declarations - import all the packages in a given module with a new import variant. (Does not require importer be in a module). So now you could do: import module java.base; to get most of the core JDK types in your program in a single line…

Spring for GraphQL 2.0.0-M3 released

Releases | Brian Clozel | September 16, 2025 | ...

I am pleased to announce that the third Spring for GraphQL 2.0 Milestone release is now available.

Nullability support in schema mapping inspection

Our Schema Mapping Inspection feature got a recent upgrade thanks to our work on Null-safety in Spring projects.

If your application is written in Kotlin, or is using Null-safety annotations, further inspections will be performed. The GraphQL schema can declare nullable types (Book) and non-nullable types (Book!). We can ensure that both the schema and the application are in sync when it comes to nullability information.

  • For schema fields, we can check that the relevant Class properties and DataFetcher return types with the same nullability.
  • For field arguments, we can ensure that DataFetcher parameters have the same nullability

Connect Your AI to Everything: Spring AI's MCP Boot Starters

Engineering | Christian Tzolov | September 16, 2025 | ...

The Model Context Protocol (MCP) standardizes how AI applications interact with external tools and resources. Spring joined the MCP ecosystem early as a key contributor, helping to develop and maintain the official MCP Java SDK that serves as the foundation for Java-based MCP implementations. Building on this contribution, Spring AI has embraced MCP with comprehensive support through dedicated Boot Starters and MCP Java Annotations, making it easier than ever to build sophisticated AI-powered applications that can seamlessly connect to external systems.

This blog introduces core MCP components and demonstrates building both MCP Servers and Clients using Spring AI, showcasing basic and advanced features. The complete source code is available at: MCP Weather Example

API Versioning in Spring

Engineering | Rossen Stoyanchev | September 16, 2025 | ...

In this 2nd blog post of the Road to GA series highlighting major features within the Spring portfolio for the next major versions to be released in November, I’m going to focus on the upcoming API Versioning support in Spring Framework 7.

Introduction

API versioning is a challenging topic. Most articles list various ways to do it, but offer no advice. When advice is offered, it ranges widely. For example, Roy Fielding advises against it. It is a common and widely used practice, and yet there is no standard or agreement on how to or whether to do it.

Furthermore, different applications have…

Spring for Apache Pulsar 1.2.10 and 2.0.0-M3 are now available

Releases | Chris Bono | September 16, 2025 | ...

On behalf of the team and everyone who has contributed, I’m happy to announce that Spring for Apache Pulsar 1.2.10 and 2.0.0-M3 have been released and are now available from Maven Central.

The 1.2.10 release will be included in the upcoming Spring Boot 3.4.10 and 3.5.6 releases. The 2.0.0-M3 release will be included in the upcoming Spring Boot 4.0.0-M3 release.

Please see the release notes (1.2.10 and 2.0.0-M3) for more details.

Spring Security 6.4.10 and 6.5.4 Released

Releases | Josh Cummings | September 15, 2025 | ...

--- IMPORTANT UPDATE ---

An error occurred in our release process for 6.4.10 and 6.5.4 that did not include Spring Framework 6.2.11.

Given this, we have released 6.4.11 and 6.5.5, which now includes Spring Framework 6.2.11.

On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.4.10 and 6.5.4.

Spring Security 6.4.10 ships with 4 fixes and several dependency upgrades. This version will be shipped this week with Spring Boot 3.4.10.

Spring Security 6.5.4 ships with 4 fixes and several dependency upgrades. This version will be shipped this week with Spring Boot 3.5.6

Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249

Releases | Sam Brannen | September 15, 2025 | ...

The Spring Security and Spring Framework teams have collaborated to release fixes for the following CVEs.

  • CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types
  • CVE-2025-41249: Spring Framework Annotation Detection Vulnerability

Both of these CVE reports pertain to vulnerabilities that may be encountered when using security annotations on methods within type hierarchies with a parameterized super type with unbounded generics. See the individual CVE reports for further details.

CVE-2025-41248

The Spring Security 6.4.11 and 6.5.5 open source releases address CVE-2025-41248

Get the Spring newsletter

Stay connected with the Spring newsletter

Subscribe

Get ahead

VMware offers training and certification to turbo-charge your progress.

Learn more

Get support

Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.

Learn more

Upcoming events

Check out all the upcoming events in the Spring community.

View all