Spring Boot3.3.19

Takes an opinionated view of building Spring applications and gets you up and running as quickly as possible.

Version(s)
Support

Reference Doc-API Doc

Changelog

🐞 Bug Fixes

CVE-2026-40973: Predictable temp directory accepted without ownership verification
CVE-2026-40977: PID file write follows symlinks at predictable default path
CVE-2026-40975: Random value property source uses a weak PRNG unsuitable for secrets
CVE-2026-40974: Cassandra SSL auto-configuration disables TLS hostname verification
CVE-2026-40972: DevTools remote secret comparison is vulnerable to timing attacks

🔨 Dependency Upgrades

Upgrade to Groovy 4.0.31
Upgrade to Jaxen 2.0.1
Upgrade to Jaybird 5.0.12.java11
Upgrade to Jetty 12.0.34
Upgrade to jOOQ 3.19.32
Upgrade to Lombok 1.18.46
Upgrade to Netty 4.1.132.Final
Upgrade to Spring Authorization Server 1.3.11
Upgrade to Spring Framework 6.1.27
Upgrade to Spring Security 6.3.16
Upgrade to Thymeleaf 3.1.5.RELEASE
Upgrade to Thymeleaf Extras SpringSecurity 3.1.5.RELEASE
Upgrade to Tomcat 10.1.54
Upgrade to Undertow 2.3.24.Final

Get Started with Tanzu Spring today

Apache®, Apache Tomcat®, Apache Kafka, Apache Geode and Kubernetes are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates. Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries. Windows® is a registered trademark of the Microsoft Corporation. Other names may be trademarks of their respective owners.