The Spring Framework has released version 6.1.13 that contains a fix for CVE-2024-38816: Path traversal vulnerability in functional web frameworks.

Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last month, as announced previously. As a result, this fix has been applied to the 5.3.40 and 6.0.24 commercial releases, available now.

If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.

Upgrading Your Project

Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.22.1, 3.0.17.1, and 3.1.13.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…

On behalf of the team, I am pleased to announce that Spring Framework 5.3.40 and 6.0.24 have been released for support customers. The releases are available from https://packages.broadcom.com.

• Spring Framework 5.3.40 ships with 1 bug fix.
• Spring Framework 6.0.24 ships with 2 bug fixes.

Those are out of cycle releases that address CVE-2024-38816, we will resume our usual 3 months cadence for 5.3.x and 6.0.x commercial releases.

We are happy to announce the availability of the first release candidateof Spring Framework 6.2. We shipped a few features since the last M7 release.

Spring Framework 6.2.0-RC1 is available from repo.spring.io/milestone now, check out the detailed changelog for this version.

Housekeeping

On top of new features, we also use minor versions as an opportunity to do some housekeeping in our codebase. For example, we harmonized Reactor client class names within the http.client package or promoted Etag as a first class concept. While those changes should be functionally equivalent, they might cause…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.13 is available now.

Spring Framework 6.1.13 ships with 24 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.10 and Spring Boot 3.3.4 next week.

Project Page | GitHub | Issues | Documentation

I am pleased to announce that Spring for GraphQL 1.2.8 and 1.3.2 are now available on Maven Central.

1.2.8 closes 2 issues. This version will ship with Spring Boot 3.2.8, to be released this week.

1.3.2 closes 10 issues. This version will ship with Spring Boot 3.3.2, to be released this week.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | Stack Overflow

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.10 is available now. This 6.1.x release fixes a few regressions that were shipped in 6.1.9 last week.

Spring Framework 6.1.10 ships with 12 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.7 and Spring Boot 3.3.1 tomorrow.

Project Page | GitHub | Issues | Documentation

I am pleased to announce that Spring for GraphQL 1.2.7 and 1.3.1 are now available on Maven Central.

1.2.7 closes 11 issues. This version will ship with Spring Boot 3.2.7, to be released this week.

1.3.1 closes 11 issues. This version will ship with Spring Boot 3.3.1, to be released this week.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | Stack Overflow

We are happy to announce the availability of the fourth milestone of Spring Framework 6.2. We shipped quite a few features since our last M3 release.

Spring Framework 6.2.0-M4 is available from repo.spring.io/milestone now, check out the detailed release notes for this version.

Core and Testing

The Task and ScheduledTask types now expose metadata about their execution: last execution time and outcome, next scheduled execution time...

We also made further refinements for the new @TestBean and @MockitoBean support. You can read our reference documentation to see this feature in action.

Web and…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.9, 6.0.22 and 5.3.37 are available now. This 5.3.x release fixes further AOP regressions that were shipped in 5.3.35.

• Spring Framework 6.1.9 ships with 37 fixes and documentation improvements. This version will be shipped with Spring Boot 3.2.7 and Spring Boot 3.3.1, to be released next week.
• Spring Framework 6.0.22 ships with 9 fixes and documentation improvements.
• Spring Framework 5.3.37 ships with 6 fixes and documentation improvements.

Project Page | GitHub | Issues | Documentation

We are happy to announce the availability of the third milestone of Spring Framework 6.2. We released M2 last week, but decided to ship M3 along our latest set of maintenance releases.

Spring Framework 6.2.0-M3 is available from repo.spring.io/milestone now, with a few new features.

6.2 features recap

Check out our What's New page for details about the new features available at this point.