The Spring Framework has released version 6.1.13 that contains a fix for CVE-2024-38816: Path traversal vulnerability in functional web frameworks.

Note that open source support for Spring Framework 5.3.x and 6.0.x generations has ended last month, as announced previously. As a result, this fix has been applied to the 5.3.40 and 6.0.24 commercial releases, available now.

If you are not a commercial customer, please consider upgrading to an open source supported version at your earliest convenience.

Upgrading Your Project

Commercial customers using Spring Boot 2.7, 3.0, or 3.1 can make use of Spring Boot Hotfix releases 2.7.22.1, 3.0.17.1, and 3.1.13.1. Releases are available now on the Spring commercial artifact repository and can be accessed with a Spring Enterprise Subscription…

On behalf of the team, I am pleased to announce that Spring Framework 5.3.40 and 6.0.24 have been released for support customers. The releases are available from https://packages.broadcom.com.

• Spring Framework 5.3.40 ships with 1 bug fix.
• Spring Framework 6.0.24 ships with 2 bug fixes.

Those are out of cycle releases that address CVE-2024-38816, we will resume our usual 3 months cadence for 5.3.x and 6.0.x commercial releases.

We are happy to announce the availability of the first release candidate of Spring Framework 6.2. We shipped a few features since the last M7 release.

Spring Framework 6.2.0-RC1 is available from repo.spring.io/milestone now, check out the detailed changelog for this version.

Housekeeping

On top of new features, we also use minor versions as an opportunity to do some housekeeping in our codebase. For example, we harmonized Reactor client class names within the http.client package or promoted Etag as a first class concept. While those changes should be functionally equivalent, they might cause…

Dear Spring Community,

I am happy to announce the 4.25.0 release of the Spring Tools 4 for Visual Studio Code, Eclipse and Theia.

important highlights

• (Spring Boot) Code lenses added to explain SPEL expressions and AOP annotations with Copilot (VSCode only)
• (Spring Boot) Symbols, content-assist, and navigation support added for @Named, @Resource, @Inject, and @ConditionalOnResource
• (Spring Boot) Syntax highlighting and validation for CRON expressions inside @Scheduled annotation (VSCode only)
• (Spring Boot) Navigating to definition for some elements of Data Queries embedded into @Query annotations
…

Hi, Spring fans! Or, I suppose: 안녕하세요, Spring 팬 여러분! I'm writing this from a café in scintillating Seoul, Korea. It's amazing. I've been talking to developers of all stripes who are using and building upon Spring to do all sorts of cool stuff.

And tomorrow, it's off to jolly Japan. I'll be speaking, among other places, at the Japanese Spring User Group in Tokyo. I'd love to see you there!

We've got a lot to cover so let's dive right into it!

• Spring Framework contributor Sébastien Deleuze has a nice sample application demonstrating Kotlin/WASM, leveraging Kotlin serialization on both JVM and in WASM, and using Spring Boot 3.3 and Kotlin 2.0.
• Speaking of Sébastien, I interviewed him, and we talked about all things Spring, AppCDS, GraalVM, Project Leyden, Kotlin, and more.
• I also interviewed Spring founder Rod Johnson yesterday, and we talked about all things Spring, AI, venture capital, and more.
• There’s an interesting discussion on a ticket in Spring Framework around proxies with CGLIB when @Aspect is used.
• Micrometer 1.13.4 is out!…

Dive deep into the world of Spring Framework and Kotlin, GraalVM, Project Leyden, AppCDS, runtime efficiency, Kotlin, and more, with the one and only Sébastien Deleuze! From runtime efficiency to all things Kotlin, this episode is packed with expert insights and valuable information. Don't miss out on this enlightening conversation with a true Spring guru! Tune in now! #Java #SpringFramework #Kotlin #TechTalks #SpringBoot

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not lol. It's confusing. I feel like I am still "on," like there's work to be done for SpringOne. But I think I also appreciate that it's in the rear view window and it's time to focus on what's ahead: Asia! This Friday, I head to Korea, then Japan, then India, and then (not yet confirmed) China. Pay…

Hi, Spring fans! In this installment I talk to the Tanzu legend Chris Sterling, who works on making Spring an even more valuable part of a platform. (This episode was recorded live at the epic SpringOne 2024 event!)

How can Spring Boot developers improve the runtime efficiency of their applications with minimal constraints in order to enjoy those benefits on most applications? The answer is the CDS support introduced by Spring Boot 3.3 which allows you to start your Spring Boot applications faster and consume less memory. It is based on the foundation introduced by Spring Framework 6.1 that I presented a few months ago.

A key point is that this new CDS support provides a different value proposition compared to the GraalVM native image support: the improvements you get with CDS are less dramatic than with…