On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.5.15 has been released and is now available from Maven Central. This release includes 70 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40992 "Mail Auto-Configuration Does Not Enable SSL Hostname Verification" CVE-2026-41001 "Predictable Temp Directory in Artemis Auto-configuration" How can you help? If you're interested in helping out…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 4.0.7 has been released and is now available from Maven Central. This release includes 77 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40992 "Mail Auto-Configuration Does Not Enable SSL Hostname Verification" CVE-2026-41001 "Predictable Temp Directory in Artemis Auto-configuration" How can you help? If you're interested in helping out, check…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 4.1.0 has been released and is now available from Maven Central. This release includes a number of improvements, new features and dependency upgrades. It also includes all of the bug fixes, documentation improvements and security fixes from Spring Boot 4.0.7. Highlights from this release include: Spring gRPC support. Updated Jackson configuration properties and customization support. HTTP Client SSRF Mitigation with InetAddressFilter. Multiple updates related to observability, include updated…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring REST Docs 4.0.1 has been released and is now available from Maven Central. This release includes 10 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40991 "XML External Entity (XXE) injection when documenting untrusted XML content" How can you help? If you're interested in helping out, check out the "ideal for contribution" tag in the issue…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring REST Docs 3.0.6 has been released and is now available from Maven Central. This release includes 9 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40991 "XML External Entity (XXE) injection when documenting untrusted XML content" How can you help? If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.5.14 has been released and is now available from Maven Central. This release includes 48 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40971 "RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification" CVE-2026-40972 "DevTools remote secret comparison is vulnerable to timing attacks" CVE-2026-40973 "Predictable temp…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 4.0.6 has been released and is now available from Maven Central. This release includes 65 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. CVE reports This release addresses the following CVEs: CVE-2026-40970 "Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification" CVE-2026-40971 "RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification" CVE-2026-4097…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 4.1.0-RC1 has been released and is now available from Maven Central. This release includes 113 enhancements, documentation improvements, dependency upgrades, and bug fixes. Notable new features include: Support for OpenTelemetry SDK environment variables HTTP Client SSRF Mitigation with InetAddressFilter Support for LazyConnectionDataSourceProxy Please see the release notes for more details and upgrade instructions. Thanks to all those who have contributed with issue reports and pull requests. How…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 3.5.13 has been released and is now available from Maven Central. This release includes 15 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. How can you help? If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag. Project Page | GitHub | Issues | Documentation | Stack…

On behalf of the team and everyone who has contributed, I'm happy to announce that Spring Boot 4.0.5 has been released and is now available from Maven Central. This release includes 17 bug fixes, documentation improvements, and dependency upgrades. Thanks to all those who have contributed with issue reports and pull requests. How can you help? If you're interested in helping out, check out the "ideal for contribution" tag in the issue repository. If you have general questions, please ask on stackoverflow.com using the spring-boot tag. Project Page | GitHub | Issues | Documentation | Stack…