"The third milestone release of Spring Boot 4.0.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a refactor of the class so that calls to adapter or predicate methods are no longer made by default if the source value is ; and a replacement of the @OptionalParameter annotation on optional actuator endpoint parameters with the annotation provided by JSpecify. More details on this release, including breaking changes, may be found in the release notes and wiki page."
"The Spring Framework team has disclosed CVE-2025-41249, Spring Framework Annotation Detection Vulnerability, a vulnerability where the Spring Framework annotation detection mechanism " may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics." This CVE, affecting versions 6.2.0 - 6.2.10, 6.1.0 - 6.1.22 and 5.3.0 - 5.3.44, is only applicable for applications using the Spring Security @EnableMethodSecurity annotation."
During the week of September 15, 2025, third milestone releases arrived for Spring Boot, Spring Security, Spring for GraphQL, Spring Integration, Spring Modulith, Spring REST Docs, Spring Batch and Spring for Apache Pulsar. Spring Boot 4.0.0-M3 includes bug fixes, documentation improvements, dependency upgrades, a refactor to avoid adapter or predicate calls when the source value is null, and replacement of @OptionalParameter with the JSpecify annotation for optional actuator endpoint parameters. Spring Framework disclosed CVE-2025-41249, an annotation detection issue affecting specific 6.2.x, 6.1.x and 5.3.x ranges when using @EnableMethodSecurity. Spring Cloud 2025.1.0-M2 (Oakwood) provides updates to Kubernetes, Function, Stream and Circuit Breaker and is compatible with Spring Boot 4.0.0-M2.
Read at InfoQ
Unable to calculate read time
Collection
[
|
...
]