On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.3.9.

Please check the changelog for more details.

Project Page | GitHub | Issues | Documentation

On behalf of the team and everyone who has contributed, I am pleased to announce the availability of Spring Security 6.4.5.

Please check the changelog for more details.

Project Page | GitHub | Issues | Documentation

On behalf of the team and everyone who has contributed, I am pleased to announce the release candidate milestone for the final Spring Security 6 minor release.

Among a number of feature enhancements, there are some that we'd love your attention on as we prepare them for general availability:

Core

• Complete Deprecation of ConfigAttribute, SecurityConfig, and other Access API components.

Specifically, please speak up if you are using any of the ACL Access components that were deprecated.

OAuth 2.0

• Further refinements to DPoP support - #16937, #16921, and #16900

SAML 2.0

• Simplified SAML 2.0 Response validation (docs), Assertion validation (docs), and Authentication conversion (docs)
• A RelayState-based Authentication Request Repository - #14793
…

Hi, Spring fans! In this episode I'm joined by well-known member of the Java community Jeff Genender, whose contributions to Apache over the decades have driven several key projects with which you're no doubt familiar.

On behalf of the Spring for GraphQL team, I am pleased to announce the availability of 1.4.0-RC1, our last stop before the generally available release. In case you missed it, 1.4.0-M1 already shipped lots of new features and improvements.

You can read the full changelog for 1.4.0-RC1 and the upgrade notes on our wiki.

DataLoader observations

The Spring for GraphQL instrumentation creates Micrometer Observations for GraphQL requests and DataFetcher operations. Some data fetching operations are relying on batch loading calls to avoid the "N+1 problem". In previous generations, one would not see the difference between a "full" data fetching operation and one that simply delegates to DataLoader…

I am pleased to announce that Spring for GraphQL 1.3.5 is now available on Maven Central.

1.3.5 closes 12 issues. This version will ship with Spring Boot 3.3.11 and 3.4.5, to be released next week.

How can you help?

If you have general questions, please ask on stackoverflow.com using the spring-graphql tag.

Project Page | GitHub | Issues | Documentation | Stack Overflow

On behalf of the team and everyone who has contributed, I am pleased to announce a new milestone for the next Spring Framework generation. The fourth milestone continues delivering new features and refinements on top of 7.0.0-M1, 7.0.0-M2 and 7.0.0-M3.

Class-File API usage for Java 24+ apps

Spring Framework reads class bytecode to collect metadata about the application code. Historically we have used a slim ASM fork for this purpose, through the MetadataReaderFactory and MetadataReader types in the org.springframework.core.type.classreading package. Although Spring applications typically have no direct exposure to this API, this is especially useful when parsing @Configuration…

On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.1.19 and 6.2.6 are available now.

Spring Framework 6.1.19 ships with 11 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.3.11.

Spring Framework 6.2.6 ships with 35 fixes and documentation improvements. This version will be shipped next week with Spring Boot 3.4.5 and 3.5.0-RC1. It's very unusual for us to ship new features in maintenance versions, but this version also brings first-class support for Bean Overrides with @ContextHierarchy. Please refer to the "Context hierarchies with bean overrides" documentation section…

• Spring AI M7 is here! This new release includes a bunch of awesome new features! And some refactorings. Notably that the Spring AI auto-configuration has changed from a single monolithic artifact to individual auto-configuration artifacts per model, vector store, and other components. This change was made to minimize the impact of different versions of dependent libraries conflicting, such as Google Protocol Buffers, Google RPC, and others. By separating auto-configuration into component-specific artifacts, you can avoid pulling in unnecessary dependencies and reduce the risk of version…