Spring Boot 1.5.x Release Notes

10 versions

Comprehensive release notes and changelog for Spring Boot 1.5.x, including security patches, bug fixes, and feature updates across all supported versions.

Apr 28, 2026

Latest: 1.5.32

45 Patched Vulnerabilities

VEX Statements

April 2026

1.5.32

Released Apr 28, 2026

Full Version:

1.5.22-spring-boot-1.5.32

Bug Fixes

DevTools secret comparison hardened to be timing-safe (CVE-2026-40972).
ApplicationTemp directory ownership and symlink handling hardened (CVE-2026-40973).
Cassandra TLS hostname verification (CVE-2026-40974).
random.value property source switched from a weak PRNG to SecureRandom (CVE-2026-40975).
PID file writes use NOFOLLOW_LINKS to prevent symlink redirection (CVE-2026-40977).

Dependency Upgrades

Spring Framework (NES) 4.3.30-spring-framework-4.3.38
Spring Security (NES) 4.2.20-spring-security-4.2.30
Spring Social (NES) 1.1.6-spring-social-1.1.13
Spring Social Twitter (NES) 1.1.2-spring-social-twitter-1.1.9
Spring Web Services (NES) 2.4.7-spring-ws-2.4.14

March 2026

1.5.31

Released Mar 26, 2026

CVE-2026-22733

Full Version:

1.5.22-spring-boot-1.5.31

Bug Fixes

Patched Authentication Bypass under Actuator CloudFoundry endpoints vulnerability (CVE-2026-22733).

Dependency Upgrades

Spring Framework (NES) 4.3.30-spring-framework-4.3.37
Spring Security (NES) 4.2.20-spring-security-4.2.29
Spring Social (NES) 1.1.6-spring-social-1.1.12
Spring Social Twitter (NES) 1.1.2-spring-social-twitter-1.1.8
Spring Web Services (NES) 2.4.7-spring-ws-2.4.13

October 2025

1.5.30

Released Oct 23, 2025

Full Version:

1.5.22-spring-boot-1.5.30

Dependency Upgrades

Spring Framework (NES) 4.3.30-spring-framework-4.3.36
Spring Security (NES) 4.2.20-spring-security-4.2.28
Spring Social (NES) 1.1.6-spring-social-1.1.11
Spring Social Twitter (NES) 1.1.2-spring-social-twitter-1.1.7
Spring Web Services (NES) 2.4.7-spring-ws-2.4.12

August 2025

1.5.29

Released Aug 25, 2025

Full Version:

1.5.22-spring-boot-1.5.29

Dependency Upgrades

Spring Framework (NES) 4.3.30-spring-framework-4.3.35
Spring Security (NES) 4.2.20-spring-security-4.2.27
Spring Social (NES) 1.1.6-spring-social-1.1.10
Spring Social Twitter (NES) 1.1.2-spring-social-twitter-1.1.6
Spring WS (NES) 2.4.7-spring-ws-2.4.11

May 2025

1.5.28

Released May 22, 2025

Full Version:

1.5.22-spring-boot-1.5.28

Dependency Upgrades

Spring Framework (NES) 4.3.30-spring-framework-4.3.34
Spring Security (NES) 4.2.20-spring-security-4.2.26
Spring Social (NES) 1.1.6-spring-social-1.1.9
Spring Social Twitter (NES) 1.1.2-spring-social-twitter-1.1.5
Spring WS (NES) 2.4.7-spring-ws-2.4.10

April 2025

1.5.27

Released Apr 30, 2025

Full Version:

1.5.22-spring-boot-1.5.27

Dependency Upgrades

Spring Security (NES) 4.2.20-spring-security-4.2.25

March 2025

1.5.26

Released Mar 20, 2025

Full Version:

1.5.22-spring-boot-1.5.26

Dependency Upgrades

Spring Security (NES) 4.2.20-spring-security-4.2.24

February 2025

1.5.25

Released Feb 24, 2025

Full Version:

1.5.22-spring-boot-1.5.25

Notes

Publish Spring Boot under the org.springframework.boot group ID instead of com.herodevs.nes.springframework.boot.

Dependency Upgrades

Spring Amqp 1.7.15.RELEASE
Spring Framework (NES): 4.3.30-spring-framework-4.3.33
Spring Integration 4.3.24.RELEASE
Spring Ldap 2.3.8.RELEASE
Spring Retry 1.2.5.RELEASE
Spring Security (NES): 4.2.20-spring-security-4.2.23
Spring Security Jwt 1.0.11.RELEASE
Spring Security Oauth: 2.0.19.RELEASE
Spring Social (NES): 1.1.6-spring-social-1.1.8
Spring Social Twitter (NES): 1.1.2-spring-social-twitter-1.1.4
Spring WS (NES): 2.4.7-spring-ws-2.4.9
Appengine Sdk 1.9.98
Commons Beanutils 1.9.4
Freemarker 2.3.34
Groovy 2.4.21
Gson 2.8.9
Httpasyncclient 4.1.5
Httpclient 4.5.14
Httpcore 4.4.16
Infinispan 8.2.12.Final
Jackson 2.8.11.20200310
Jboss Logging 3.3.3.Final
Jboss Transaction Spi 7.6.1.Final
Jdom2 2.0.6.1
Mssql Jdbc 6.1.0.jre8
Mysql 5.1.49
Slf4j 1.7.36
Tomcat 8.5.98
Undertow 1.4.28.Final

December 2024

1.5.24

Released Dec 18, 2024

CVE-2022-27772

CVE-2023-20883

Full Version:

1.5.22-spring-boot-1.5.24

Bug Fixes

This release patches the following:
- Temporary Directory Hijacking to Local Privilege Escalation Vulnerability (CVE-2022-27772).
  - com.herodevs.nes.springframework.boot:spring-boot:1.5.22-spring-boot-1.5.24
- Spring Boot Welcome Page DoS Vulnerability (CVE-2023-20883).
  - com.herodevs.nes.springframework.boot:spring-boot-autoconfigure:1.5.22-spring-boot-1.5.24
  - com.herodevs.nes.springframework.boot:spring-boot-test-autoconfigure:1.5.22-spring-boot-1.5.24

Notes

This release updates Spring Framework to NES version 4.3.32 and Spring Security NES to NES version 4.2.22.

November 2024

1.5.23

Released Nov 27, 2024

Full Version:

1.5.22-spring-boot-1.5.23

Notes

This is the initial release of Spring Boot 1.5.22 from the open‑source Spring Boot repository forked by HeroDevs.
This release contains no functional changes from Spring Boot 1.5.22. Full Version: 1.5.22-spring-boot-1.5.23

Stay in the loop

~/herodevs-spring-framework-support

Open Source Support

When official support ends, we're just getting started.

New releases published regularly — check back often for the latest security updates

$ cat features.txt

Security Patches
Regular updates to keep your applications secure
CVE Remediation
Rapid response to critical vulnerabilities
Expert Support
Direct access to our development team