NEWEST POST
Connect Your AI to Everything: Spring AI's MCP Boot Starters
The Model Context Protocol (MCP) standardizes how AI applications interact with external tools and resources. Spring joined the MCP ecosystem early as a key contributor, helping to develop and maintain the official MCP Java SDK that serves as the foundation for Java-based MCP implementations. Building on this contribution, Spring AI has embraced MCP with comprehensive support through dedicated Boot Starters and MCP Java Annotations, making it easier than ever to build sophisticated AI-powered applications that can seamlessly connect to external systems.
This blog introduces core MCP components and demonstrates building both MCP Servers and Clients using Spring AI, showcasing basic and advanced features. The complete source code is available at: MCP Weather Example…
Spring Security 6.4.10 and 6.5.4 Released
On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.4.10 and 6.5.4.
Spring Security 6.4.10 ships with 4 fixes and several dependency upgrades. This version will be shipped this week with Spring Boot 3.4.10.
Spring Security 6.5.4 ships with 4 fixes and several dependency upgrades. This version will be shipped this week with Spring Boot 3.5.6.
These two releases also address CVE-2025-41248, which was announced in conjunction with CVE-2025-41249.
See Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249 for further…
Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249
The Spring Security and Spring Framework teams have collaborated to release fixes for the following CVEs.
- CVE-2025-41248: Spring Security authorization bypass for method security annotations on parameterized types
- CVE-2025-41249: Spring Framework Annotation Detection Vulnerability
Both of these CVE reports pertain to vulnerabilities that may be encountered when using security annotations on methods within type hierarchies with a parameterized super type with unbounded generics. See the individual CVE reports for further details.
CVE-2025-41248
The Spring Security 6.4.10 and 6.5.4 open source releases address CVE-2025-41248…
Spring AMQP 4.0 Milestone 5 Available
On behalf of the team and everyone who contributed, I am pleased to announce the fifth Milstone for 4.0.0 of Spring AMQP.
The patch versions 3.2.7 also has been released with bug fixes and dependency upgrades.
The most notable change in this milestone is a breaking migration from Spring Retry API to the one provided now in the Spring Framework Core.
See the Release Notes and [What's New][https://docs.spring.io/spring-amqp/reference/4.0/whats-new.html] for more information.
This is the last milestone before Release Candidate in October, so don't hesitate to reach us out in GitHub issues with…
Spring Cloud 2025.1.0-M2 (aka Oakwood) has been released
On behalf of the community, I am pleased to announce that the Milestone 2 (M2) of the Spring Cloud 2025.1 (aka Oakwood) Release Train is available today. The release can be found in Maven Central. You can check out the 2025.1 release notes for more information.
Notable Changes in the 2025.1.0-M2 Release
Spring Cloud 2025.0.0-M2 depends on Spring Boot 4.0.0-M2. See all issues and pull requests that are part of the release here.
The following modules were updated as part of 2025.0.0-M1:
| Module | Version | Issues |
|---|---|---|
| Spring Cloud OpenFeign | 5.0.0-M2 | (issues) |
| Spring Cloud Config | 5.0.0-M2 | (issues) |
| Spring Cloud Build | 5.0.0-M2 | (issues) |
| Spring Cloud Stream | 5.0.0-M2 | (issues) |
| Spring Cloud Netflix | 5.0.0-M2 | (issues) |
| Spring Cloud Circuitbreaker | 5.0.0-M2 | (issues) |
| Spring Cloud Contract | 5.0.0-M2 | (issues) |
| Spring Cloud Commons | 5.0.0-M2 | (issues) |
| Spring Cloud Consul | 5.0.0-M2 | (issues) |
| Spring Cloud Gateway | 5.0.0-M2 | (issues) |
| Spring Cloud Vault | 5.0.0-M2 | (issues) |
| Spring Cloud Function | 5.0.0-M2 | (issues) |
| Spring Cloud Dependencies | 2025.1.0-M2 | (issues) |
| Spring Cloud Task | 5.0.0-M2 | (issues) |
| Spring Cloud Kubernetes | 5.0.0-M2 | (issues) | …
Spring Data 2025.1.0-M6 released
On behalf of the team and everyone who has contributed, I am pleased to announce the sixth and last milestone for the next Spring Data generation. This milestone continues delivering new features, refinements, and dependency upgrades.
Removed MongoDB UUID and BigDecimal Defaults
Spring Data MongoDB now aligns with the MongoDB Java Driver and no longer defaults to a representation for UUID values. Instead, you need to explicitly configure the desired representation through driver settings.
We're also no longer providing a default configuration value for BigInteger and resort the default for BigDecimal to Decimal128 in accordance with MongoDB's default codecs. This is a much safer approach that prevents you your application from accidentally switching representations when upgrading to the new major version. Please make sure to configure formats for big numbers through MongoCustomConversions…
Spring Data 2025.0.4 and 2024.1.10 released
On behalf of the team and everyone who has contributed, I’m pleased to announce the availability of 2025.0.4 and 2024.1.10 service releases. These releases ship with dependency upgrades, fixes for regressions and selected improvements.
The upcoming Spring Boot releases will pick up the above releases by next week.
2025.0.4
- Spring Data Commons
3.5.4- Javadoc - Documentation - Changelog - Spring Data JPA
3.5.4- Javadoc - Documentation - Changelog - Spring Data Neo4j
7.5.4- Javadoc - Documentation - Changelog - Spring Data for Apache Cassandra
4.5.4- Javadoc - Documentation - Changelog - Spring Data MongoDB
4.5.4- Javadoc - Documentation - Changelog - Spring Data KeyValue
3.5.4- Javadoc - Documentation - Changelog - Spring Data LDAP
3.5.4- Javadoc - Documentation - Changelog - Spring Data REST
4.5.4- Javadoc - Documentation - Changelog - Spring Data Redis
3.5.4- Javadoc - Documentation - Changelog - Spring Data Elasticsearch
5.5.4- Javadoc - Documentation - …
A Bootiful Podcast: Purnima Padmanabhan, General Manager, Tanzu Division, Broadcom
Hi, Spring fans! In this installment, we talk to the general manager of Tanzu, the legendary Purnima Padmanabhan, about AI, the power of the platform, and more. Recorded live from SpringOne 2025!
Spring Authorization Server moving to Spring Security 7.0
Spring Authorization Server has come a long way since 1.0 was officially released in November 2022.
Starting as a project separate from Spring Security, has allowed it to iterate quickly on feature development and ultimately grow a rich feature set for building OAuth2 Authorization Servers.
It has reached that point of maturity and stability and we believe the time is now to move it to Spring Security 7.0.
The main benefit this will provide our users is a streamlined developer experience. Whether you are working with OAuth2 Client or OAuth2 Authorization Server, you won’t need to switch between projects any longer as the source, javadoc and reference documentation will live in Spring Security. Furthermore, issues and pull requests will be solely managed…
Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreGet support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all