Description Spring Framework MVC applications can be vulnerable to a “Path Traversal Vulnerability” when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container the Servlet container does not reject suspicious sequences the application serves static resources ...

2025年7月17日 · On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Framework 6.2.9 is available now.

2025年7月24日 · On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.5.4 has been released and is now available from Maven Central. This release includes 53 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. How can you help? If you're interested in helping out, check out the ...

Integrate AI into your Spring applications without reinventing the wheel. Quickly deliver production‑grade features with independently evolvable microservices. Spring's asynchronous, nonblocking architecture means you can get more from your computing resources. Your code, any cloud—we’ve got you covered. Connect and scale your services, whatever your platform. Frameworks for fast, secure ...

2025年8月14日 · Level up your Java code and explore what Spring can do for you.

2025年5月22日 · On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.4.6 has been released and is now available from Maven Central. This release includes 39 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. How can you help? If you're interested in helping out, check out the ...

{"_links":{"gradle-project":{"href":"https://start.spring.io/starter.zip?type=gradle-project{&dependencies,packaging,javaVersion,language,bootVersion,groupId ...

2024年10月28日 · In Spring Security 6.2 and 6.3, we have worked to steadily improve configuration for applications using OAuth2 Client. Configuration for common use cases has been simplified by allowing applications to publish beans which are automatically included in the overall OAuth2 Client configuration during application startup. Recent improvements include: Extension grant types can be enabled simply by ...

2025年7月24日 · On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 4.0.0-M1 has been released and is now available from Maven Central!! This release includes is the first milestone of the 4.x generation and is the first release including our efforts to modularize the codebase. It is also the first milestone that we are publishing to Maven central. Please see the ...

2025年4月24日 · On behalf of the team and everyone who has contributed, I am pleased to announce that Spring Boot 2.7.25, 3.1.16, 3.2.14, 3.3.11, and 3.4.5 are available now, which fix CVE-2025-22235. Please refer to the releases page for more details. Commercial customers using Spring Boot 2.7, 3.1, or 3.2 will be able to update to Spring Boot 2.7.25, 3.1.16, or 3.2.14 respectively. These Spring Boot ...