This is a new blog post in the Road to GA series, this time exploring the new capabilities of our HTTP clients. This is also a good time to reflect on the state of HTTP clients in Spring, so we will use this opportunity to explain an important announcement: we are officially deprecating RestTemplate.

Upcoming RestClient features

RestClient has been introduced in Spring Framework 6.1 and evolved in the 6.x line. In the upcoming 7.0 major version we are keeping up the pace with a round of new features.

API Versioning

Spring @Controller now supports the API Versioning concept to better implement different generations of your REST API within a single application. This feature is also supported on the client side, by using an ApiVersionInserter…

I am pleased to announce that the third Spring for GraphQL 2.0 Milestone release is now available.

Nullability support in schema mapping inspection

Our Schema Mapping Inspection feature got a recent upgrade thanks to our work on Null-safety in Spring projects.

If your application is written in Kotlin, or is using Null-safety annotations, further inspections will be performed. The GraphQL schema can declare nullable types (Book) and non-nullable types (Book!). We can ensure that both the schema and the application are in sync when it comes to nullability information.

• For schema fields, we can check that the relevant Class properties and DataFetcher return types with the same nullability.
• For field arguments, we can ensure that DataFetcher parameters have the same nullability
…

I am pleased to announce that Spring for GraphQL 1.4.2 is now available on Maven Central. This release closes 10 issues.

This version will ship with Spring Boot 3.5.6, to be released this week.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | Stack Overflow

On behalf of the team and everyone who has contributed, I am pleased to announce our last milestone for Spring Framework 7.0. This is our last stop before the release candidate, scheduled next month. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

Resiliency refinements

The new Resiliency feature got a lot of fixes and refinements in this milestone, mostly around RetryException and exception handling. There is a new "programmatic support" section in the reference documentation, in case the annotation-based…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.11 is available now.

Spring Framework 6.2.11 ships with 23 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.10 and 3.5.6.

CVE-2025-41249

This release addresses CVE-2025-41249 for "Spring Framework Annotation Detection Vulnerability", which was published in conjunction with CVE-2025-41248 for "Spring Security authorization bypass for method security annotations on parameterized types". See Spring Security and Spring Framework Release Fixes for CVE-2025-41248 and CVE-2025-41249…

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

API Versioning updates

This is another feature-rich milestone for the API Versioning support. There are quite a few refinements around the configuration model and how we ensure that the API Versioning setup is valid. We also now support inserting API Version information in Media Types on the client side. We are receiving lots…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.10 is available now.

Spring Framework 6.2.10 ships with 11 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.9 and 3.5.5.

CVE-2025-41242:

This release addresses CVE-2025-41242 for "Path traversal vulnerability on non-compliant Servlet containers".

Open source support for Spring Framework 5.3.x and 6.1.x generations has ended, see our support page for more information. This fix has been applied to the 5.3.44 and 6.1.22 commercial releases…

I am pleased to announce that the first Spring for GraphQL 2.0 Milestone release is now available. This generation builds on top of Spring Framework 7.0 and requires the same baseline upgrades.

Baseline upgrades

Spring for GraphQL now requires graphql-java 24.0, but we are still tracking the upcoming 25.0 as a potential baseline for this generation. The 25.0 version is likely to bring interesting features, including a complete support for request cancellation in the core engine.

We are following the lead of Spring Framework, as we've upgraded to Kotlin 2.2.0. Similarly, spring-graphql now picks Jackson 3.x as the default but still supports Jackson 2.x as a fallback option. If you are upgrading your project, check out this section on major changes for this Jackson upgrade…

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

Resilience Features

After the introduction of the org.springframework.core.retry package in 7.0.0-M6, effectively moving features from the former "spring-retry" project, we recently introduced dedicated @Retryable, @ConcurrencyLimit and @EnableResilientMethods annotations. This is now documented in the "Resilience Features" section of the reference documentation…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.9 is available now.

Spring Framework 6.2.9 ships with 28 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.8 and 3.5.4.

Project Page | GitHub | Issues | Documentation