Spring Boot3.4.16

Takes an opinionated view of building Spring applications and gets you up and running as quickly as possible.

Version(s)
Support

Reference Doc-API Doc

Changelog

🐞 Bug Fixes

CVE-2026-40973: Predictable temp directory accepted without ownership verification
CVE-2026-40977: PID file write follows symlinks at predictable default path
CVE-2026-40975: Random value property source uses a weak PRNG unsuitable for secrets
CVE-2026-40974: Cassandra SSL auto-configuration disables TLS hostname verification
CVE-2026-40972: DevTools remote secret comparison is vulnerable to timing attacks

🔨 Dependency Upgrades

Upgrade to Hibernate 6.6.49.Final
Upgrade to Jaxen 2.0.1
Upgrade to jOOQ 3.19.32
Upgrade to Lombok 1.18.46
Upgrade to MySQL 9.7.0
Upgrade to Reactor Bom 2024.0.17
Upgrade to Spring AMQP 3.2.10
Upgrade to Spring Authorization Server 1.4.10
Upgrade to Spring Framework 6.2.18
Upgrade to Spring Kafka 3.3.15
Upgrade to Spring Pulsar 1.2.17
Upgrade to Spring Security 6.4.16
Upgrade to Thymeleaf 3.1.5.RELEASE
Upgrade to Thymeleaf Extras SpringSecurity 3.1.5.RELEASE

Get Started with Tanzu Spring today

Apache®, Apache Tomcat®, Apache Kafka, Apache Geode and Kubernetes are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Windows® is a registered trademark of the Microsoft Corporation. Other names may be trademarks of their respective owners.