Spring Boot2.7.33

Takes an opinionated view of building Spring applications and gets you up and running as quickly as possible.

Version(s)
Support

Reference Doc-API Doc

Changelog

🐞 Bug Fixes

CVE-2026-40977: PID file write follows symlinks at predictable default path
CVE-2026-40975: Random value property source uses a weak PRNG unsuitable for secrets
CVE-2026-40974: Cassandra SSL auto-configuration disables TLS hostname verification
CVE-2026-40973: Predictable temp directory accepted without ownership verification
CVE-2026-40972: DevTools remote secret comparison is vulnerable to timing attacks

🔨 Dependency Upgrades

Upgrade to Lombok 1.18.46
Upgrade to Netty 4.1.132.Final
Upgrade to Spring Framework 5.3.48
Upgrade to Spring Security 5.7.23
Upgrade to Tomcat 9.0.117

Get Started with Tanzu Spring today

Apache®, Apache Tomcat®, Apache Kafka, Apache Geode and Kubernetes are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Windows® is a registered trademark of the Microsoft Corporation. Other names may be trademarks of their respective owners.