On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

API Versioning updates

This is another feature-rich milestone for the API Versioning support. There are quite a few refinements around the configuration model and how we ensure that the API Versioning setup is valid. We also now support inserting API Version information in Media Types on the client side. We are receiving lots…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.10 is available now.

Spring Framework 6.2.10 ships with 11 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.9 and 3.5.5.

CVE-2025-41242:

This release addresses CVE-2025-41242 for "Path traversal vulnerability on non-compliant Servlet containers".

Open source support for Spring Framework 5.3.x and 6.1.x generations has ended, see our support page for more information. This fix has been applied to the 5.3.44 and 6.1.22 commercial releases…

I am pleased to announce that the first Spring for GraphQL 2.0 Milestone release is now available. This generation builds on top of Spring Framework 7.0 and requires the same baseline upgrades.

Baseline upgrades

Spring for GraphQL now requires graphql-java 24.0, but we are still tracking the upcoming 25.0 as a potential baseline for this generation. The 25.0 version is likely to bring interesting features, including a complete support for request cancellation in the core engine.

We are following the lead of Spring Framework, as we've upgraded to Kotlin 2.2.0. Similarly, spring-graphql now picks Jackson 3.x as the default but still supports Jackson 2.x as a fallback option. If you are upgrading your project, check out this section on major changes for this Jackson upgrade…

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. We have compiled all the upgrade information, new features and deprecations on the Spring Framework 7.0 release notes preview page.

Resilience Features

After the introduction of the org.springframework.core.retry package in 7.0.0-M6, effectively moving features from the former "spring-retry" project, we recently introduced dedicated @Retryable, @ConcurrencyLimit and @EnableResilientMethods annotations. This is now documented in the "Resilience Features" section of the reference documentation…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.9 is available now.

Spring Framework 6.2.9 ships with 28 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.8 and 3.5.4.

Project Page | GitHub | Issues | Documentation

I am pleased to announce that Spring for GraphQL 1.3.6 and 1.4.1 maintenance releases are now available on Maven Central.

• 1.4.1 closes 15 issues. This version will ship with Spring Boot 3.5.4, to be released on July 24th.
• 1.3.6 closes 15 issues. This version will ship with Spring Boot 3.4.8, to be scheduled soon.

Both releases ship two important changes:

1. a performance improvement of our cancellation support; see gh-1242.

Thank you so much to our community for spotting this in production! 2. a much-needed GraphiQL upgrade for the GraphQL explorer, as the former CDN setup was recently broken; see …

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. The M6 continues delivering new features and refinements on top of 7.0.0-M1, 7.0.0-M2, 7.0.0-M3, 7.0.0-M4 and 7.0.0-M5.

We've made lots of refinements on features delivered in previous milestones, but we also have a new feature that we would like to share.

Retry support in Spring Core

We have been working on the Spring Retry project for a very long time. The Spring team decided that it was time to trim unnecessary features, revisit some of its API and merge the resulting work into the "spring-core" module of Spring Framework. This new Retry support is located in the org.springframework.core.retry…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.21 and 6.2.8 are available now.

Spring Framework 6.1.21 ships with 3 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.3.13.

Spring Framework 6.2.8 ships with 39 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.7 and 3.5.1.

CVE-2025-41234:

The releases address CVE-2025-41234 for RFD Attack via “Content-Disposition” Header Sourced from Request.

Open source support for Spring Framework 5.3.x and 6.0.x generations has ended, and this is our last OSS release for the 6.1.x generation, see our support page for more information…

On behalf of the Spring for GraphQL team, I am pleased to announce the availability of 1.4.0, the generally available release.

In case you missed those, the 1.4.0-M1 and 1.4.0-RC1 release blog posts described the new features for this generation. The Spring for GraphQL 1.4.0 wiki page should help you to upgrade your application. We will keep updating this page with the feedback we get from the community on our issue tracker and on StackOverflow.

GraphQL Java 24+ baseline

The GraphQL Java team recently released new major releases for the Java DataLoader and GraphQL Java projects. They immediately supersede the 23.x generation so Spring for GraphQL 1.4 will require GraphQL Java 24+ as a baseline. This last-minute change shouldn't affect much your…

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. The fifth milestone continues delivering new features and refinements on top of 7.0.0-M1, 7.0.0-M2, 7.0.0-M3 and 7.0.0-M4.

Jackson 3.0 support

As of #33798, we default to supporting Jackson 3.x in our entire stack, falling back to Jackson 2.x. Support for the Jackson 2.x generation has been deprecated in Spring Framework, and our current plan is to disable its auto-detection in 7.1, and remove its support entirely in 7.2.

Jackson 3.x uses a new tools.jackson package, which differs from the usual com.fasterxml.jackson. Classes from the "jackson-annotation" artifact (like @JsonView, @JsonTypeInfo) remain in the com.fasterxml.jackson…