The Spring Framework has released version 5.3.42 that contains a fix for:

• CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter

Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last August, as announced previously. This fix has only been applied to the 5.3.42 commercial release, available now.

If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.

Upgrading Your Project

Commercial customers using Spring Boot 2.7 can make use of Spring Boot Hotfix release 2.7.22.4. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.0 is available now. We would like to thank our community of "early adopters" who helped us refine this version during the milestone phase.

This new Spring generation will materialize in Spring Boot applications next week with Spring Boot 3.4.0. We wrote extensive release notes that will let you know how to easily upgrade and leverage the new features.

The Framework team is already working on the next major release as announced previously. Keep an eye on our official support timeline to…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.15 is available now.

Spring Framework 6.1.15 ships with 34 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.12 and Spring Boot 3.3.6 next week.

Project Page | GitHub | Issues | Documentation

We are happy to announce the availability of the last release candidate of Spring Framework 6.2. We have published this version just in time for the Spring Boot RC today. We'll be collecting feedback for the 6.2.0 GA release in November.

Spring Framework 6.2.0-RC3 is available from repo.spring.io/milestone now, check out the detailed changelog for this version.

6.2 features recap

Check out our What's New page for details about the new features available at this point.

I am pleased to announce that Spring for GraphQL 1.2.9 and 1.3.3 are now available on Maven Central.

1.2.9 closes 5 issues. This version will ship with Spring Boot 3.2.11, to be released this week.

1.3.3 closes 20 issues. This version will ship with Spring Boot 3.3.5, to be released this week.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | Stack Overflow

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.14 is available now.

Spring Framework 6.1.14 ships with 25 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.11 and Spring Boot 3.3.5 next week.

Project Page | GitHub | Issues | Documentation

The Spring Framework has released version 6.1.14 that contains a fix for both:

• CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report)
• CVE-2024-38820: Spring Framework DataBinder case sensitive match exception

Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last August, as announced previously. This fix has been applied to the 5.3.41 and 6.0.25 commercial releases, available now.

If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.

Upgrading…

We are happy to announce the availability of the second release candidate of Spring Framework 6.2. We have been working on fixing regressions from previous milestones and shipping performance improvements.

Spring Framework 6.2.0-RC2 is available from repo.spring.io/milestone now, check out the detailed changelog for this version.

Spring 3.4.0-RC1 will be released next week, a good opportunity for testing the upcoming Spring generation in existing applications!

6.2 features recap

Check out our What's New page for details about the new features available at this point.

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.13 is available now.

Spring Framework 6.1.13 ships with 24 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.10 and Spring Boot 3.3.4 next week.

Project Page | GitHub | Issues | Documentation

The Spring Framework has released version 6.1.13 that contains a fix for CVE-2024-38816: Path traversal vulnerability in functional web frameworks.

Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last month, as announced previously. As a result, this fix has been applied to the 5.3.40 and 6.0.24 commercial releases, available now.

If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.

Upgrading Your Project

Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.22.1, 3.0.17.1, and 3.1.13.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…