{"id":7694,"date":"2025-06-23T09:58:23","date_gmt":"2025-06-23T09:58:23","guid":{"rendered":"https:\/\/www.europesays.com\/us\/7694\/"},"modified":"2025-06-23T09:58:23","modified_gmt":"2025-06-23T09:58:23","slug":"spring-news-roundup-spring-vault-milestone-point-releases-and-end-of-oss-support","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/us\/7694\/","title":{"rendered":"Spring News Roundup: Spring Vault Milestone, Point Releases and End of OSS Support"},"content":{"rendered":"

There was a flurry of activity in the Spring ecosystem during the week of June 16th, 2025, highlighting: the first milestone release of Spring Vault<\/a> 4.0; and point releases of of Spring Boot<\/a>, Spring Security<\/a>, Spring Authorization Server<\/a>, Spring Session<\/a>, Spring Integration<\/a>, Spring Modulith<\/a>, Spring REST Docs<\/a>, Spring AMQP<\/a>, Spring for Apache Kafka<\/a>, Spring for Apache Pulsar<\/a> and Spring Web Services<\/a>.<\/p>\n

Release trains for numerous Spring projects will also reach the end of OSS support on June 30, 2025.<\/p>\n

Spring Boot<\/p>\n

Versions 3.5.1, 3.4.7 and 3.3.13 of Spring Boot<\/a> (announced here<\/a>, here<\/a> and here<\/a>, respectively) all deliver bug fixes, improvements in documentation and dependency upgrades. New features include: the ability to customize instances of the ConfigData.Options<\/a><\/strong> class that are set on the ConfigDataEnvironmentContributors<\/a><\/strong> class; and an upgrade to Apache Tomcat 10.1.42 which has introduced limits for part count and header size in multipart\/form-data<\/strong> requests. These limits can be customized using the server.tomcat.max-part-count<\/strong> and server.tomcat.max-part-header-size<\/strong> properties, respectively.<\/p>\n

Versions 3.5.3 and 3.5.2 (announced here<\/a> and here<\/a>) were unscheduled releases to address a difficult regression that was inadvertently introduced in version 3.5.1.<\/p>\n

More details on these releases may be found in the release notes for version 3.5.3<\/a>, version 3.5.2<\/a>, version 3.5.1<\/a>, version 3.4.7<\/a> and version 3.3.13<\/a>.<\/p>\n

Spring Security<\/p>\n

Spring Security<\/a> 6.5.1, 6.4.7 and 6.3.10 all deliver bug fixes, dependency upgrades and new features such as: a new migration guide<\/a> that describes the transition from the now defunct Spring Security SAML Extension<\/a> to built-in support for SAML 2.0<\/a>; and support for the AsciiDoc include-code<\/a> extension. Further details on these releases may be found in the release notes for version 6.5.1<\/a>, version 6.4.7<\/a> and version 6.3.10<\/a>.<\/p>\n

Spring Authorization Server<\/p>\n

The release<\/a> of Spring Authorization Server<\/a> 1.5.1, 1.4.4 and 1.3.7 all ship with bug fixes, dependency upgrades and a new feature that improves logging from the doFilterInternal()<\/strong> method, defined in the OAuth2ClientAuthenticationFilter<\/a><\/strong> class, to report on issues with client credentials. More details on these releases may be found in the release notes for version 1.5.1<\/a>, version 1.4.4<\/a> and version 1.3.7<\/a>.<\/p>\n

Spring Session<\/p>\n

Spring Session<\/a> 3.5.1 and 3.4.4 provide dependency upgrades and a resolution to a ClassCastException<\/strong> due to a race condition from integration tests that use the Redis SessionEventRegistry<\/a><\/strong> class as it assumes there is only one event type for each session ID. Further details on these releases may be found in the release notes for version 3.5.1<\/a> and version 3.4.4<\/a>.<\/p>\n

Spring Integration<\/p>\n

Spring Integration<\/a> 6.3.11 ships with dependency upgrades and a resolution to a NullPointerException<\/strong> from the private obtainFolderInstance()<\/strong> method, defined in the AbstractMailReceiver<\/a><\/strong> class, to use the getDefaultFolder()<\/strong> method from the Jakarta Mail Store<\/a><\/strong> class if the URL is not provided or null<\/strong>. More details on this release may be found in the release notes<\/a>.<\/p>\n

Spring Modulith<\/p>\n

Spring Modulith<\/a> 1.4.1 and 1.3.7 provide bug fixes, dependency upgrades and improvements: the addition of missing reflection metadata in the JSONPath<\/a> lookup for application module identifiers when converting to native image with GraalVM; and a resolution to prevent application module misconfiguration from the getModuleForPackage()<\/strong> method, defined in the ApplicationModules<\/a><\/strong> class, depending on the order of values stored in an instance of the Java Map<\/a><\/strong> interface that may return invalid additional packages. Further details on these releases may be found in the release notes for version 1.4.1<\/a> and version 1.3.7<\/a>.<\/p>\n

Spring REST Docs<\/p>\n

Spring REST Docs<\/a> 3.0.4 ships with improvements in documentation and notable changes: support for the Spring Framework 6.2 release train as default version due to the Spring Framework 6.1 release train reaching end of OSS support on June 30, 2025; and a workaround to resolve a breaking change with asciidoctor-maven-plugin<\/strong> 3.1.0 that no longer uses relative paths to build documentation. More details on this release may be found in the release notes<\/a>.<\/p>\n

Spring AMQP<\/p>\n

Spring AMQP<\/a> 3.1.12 provides dependency upgrades and resolutions to issue such as: removal of the cancelled()<\/strong> method from the logic within the commitIfNecessary()<\/strong> method, defined in the BlockingQueueConsumer<\/a><\/strong> class that had been causing anomalies in the shutdown process; and an instance of the default Spring Framework ThreadPoolTaskScheduler<\/a><\/strong> class created in the doInitialize()<\/strong> method, defined in the DirectMessageListenerContainer<\/a><\/strong> class, does not properly shut down when the container is destroyed. Further details on this release may be found in the release notes<\/a>.<\/p>\n

Spring for Apache Kafka<\/p>\n

The release<\/a> of Spring for Apache Kafka<\/a> 3.3.7 and 3.2.10 delivers bug fixes, dependency upgrades and one new feature that now propagates the trace context when asynchronously handling Kafka message failures. More details on these releases may be found in the release notes for version 3.3.7<\/a> and version 3.2.10<\/a>.<\/p>\n

Spring for Apache Pulsar<\/p>\n

Spring for Apache Pulsar<\/a> 1.2.7 and 1.1.13 ship with improvements in documentation and notable respective dependency upgrades such as: Spring Framework 6.2.8 and 6.1.21; Project Reactor 2024.0.7 and 2023.0.19; and Micrometer 1.14.8 and 1.13.15. Further details on these releases may be found in the release notes for verizon 1.2.7<\/a> and version 1.1.3<\/a>.<\/p>\n

Spring Web Services<\/p>\n

The release<\/a> of Spring Web Services<\/a> 4.0.15 features dependency upgrades and a resolution to the SimpleXsdSchema<\/a><\/strong> class that references an instance of the Java Element<\/a><\/strong> interface, which is not thread safe, that has caused issues when multiple clients have simultaneously requested the schema file. More details on this release may be found in the release notes<\/a>.<\/p>\n

Spring Vault<\/p>\n

The first milestone release<\/a> of Spring Vault<\/a> 4.0.0 features: an alignment with Spring Framework 7.0; support for JSpecify<\/a> for improved null safety; and a new ClientConfiguration<\/a><\/strong> class that adds support for Reactor, Jetty and JDK HTTP implementations of the SpringFramework ClientHttpRequestFactory<\/a><\/strong> interface. Further details on this release may be found in the release notes<\/a>.<\/p>\n

End of OSS Support<\/p>\n

Release trains for all of these Spring projects (plus Spring Framework), with links to their respective timelines, will reach end of OSS support on June 30, 2025:<\/p>\n

End of enterprise support for all of these projects will reach end of life on June 30, 2026.<\/p>\n","protected":false},"excerpt":{"rendered":"There was a flurry of activity in the Spring ecosystem during the week of June 16th, 2025, highlighting:…\n","protected":false},"author":3,"featured_media":7695,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[9019,9020,9018,9017,648,1032,9022,1033,2556,171,9024,2719,9021,9025,9026,9016,9023,67,132,68],"class_list":{"0":"post-7694","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-arts-and-design","8":"tag-amqp","9":"tag-apache-kafka","10":"tag-apache-pulsar","11":"tag-architecture-design","12":"tag-arts","13":"tag-arts-and-design","14":"tag-authorization","15":"tag-design","16":"tag-development","17":"tag-entertainment","18":"tag-java","19":"tag-open-source","20":"tag-spring-boot","21":"tag-spring-integration","22":"tag-spring-modulith","23":"tag-spring-news-roundup-jun16-2025","24":"tag-spring-security","25":"tag-united-states","26":"tag-unitedstates","27":"tag-us"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@us\/114732092784911490","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/7694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/comments?post=7694"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/posts\/7694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media\/7695"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/media?parent=7694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/categories?post=7694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/us\/wp-json\/wp\/v2\/tags?post=7694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}