Spring AMQP 2.3.x Release Notes

4 versions

Comprehensive release notes and changelog for Spring AMQP 2.3.x, including security patches, bug fixes, and feature updates across all supported versions.

Jun 15, 2026

Latest: 2.3.20

7 Patched Vulnerabilities

VEX Statements

June 2026

2.3.20

Released Jun 15, 2026

CVE-2026-41701

CVE-2026-41714

Full Version:

2.3.16-spring-amqp-2.3.20

Bug Fixes

Switched RabbitTemplate.sendAndReceive() reply correlation IDs from a predictable AtomicInteger to a UUID, preventing an attacker on a shared reply queue from poisoning or stealing replies destined for another caller (CVE-2026-41701).
Fixed RabbitConnectionFactoryBean to enable SSL automatically when an amqps:// URI is configured, so TLS connections are no longer silently established without certificate or hostname verification (CVE-2026-41714).

Dependency Upgrades

Spring Framework (NES) 5.3.39-spring-framework-5.3.52
Spring Retry (NES) 1.3.4-spring-retry-1.3.12

April 2026

2.3.19

Released Apr 23, 2026

CVE-2023-34050

Full Version:

2.3.16-spring-amqp-2.3.19

Bug Fixes

This patches the Java deserialization vulnerability in Spring AMQP (CVE-2023-34050). SerializationUtils.checkAllowedList(...) no longer permits deserialization when no allowed class name patterns are configured, and throws a SecurityException instead.

Dependency Upgrades

Spring Framework (NES) 5.3.39-spring-framework-5.3.51
Spring Retry (NES) 1.3.4-spring-retry-1.3.11

March 2026

2.3.18

Released Mar 25, 2026

Full Version:

2.3.16-spring-amqp-2.3.18

Dependency Upgrades

Spring Framework (NES) 5.3.39-spring-framework-5.3.50
Spring Retry (NES) 1.3.4-spring-retry-1.3.10

2.3.17

Released Mar 11, 2026

Full Version:

2.3.16-spring-amqp-2.3.17

Notes

This release originates from the open‑source Spring AMQP repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring AMQP 2.3.16.

Dependency Upgrades

Spring Framework (NES) 5.3.39-spring-framework-5.3.49
Spring Retry (NES) 1.3.4-spring-retry-1.3.9

Stay in the loop

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.

New releases published regularly — check back often for the latest security updates

$ cat features.txt

Security Patches
Regular updates to keep your applications secure
CVE Remediation
Rapid response to critical vulnerabilities
Expert Support
Direct access to our development team