Visit NES for Spring Home Page
Spring Cloud Config 3.1.x Release Notes
7 versions
Comprehensive release notes and changelog for Spring Cloud Config 3.1.x, including security patches, bug fixes, and feature updates across all supported versions.
May 2026
3.1.16
Released May 7, 2026 Full Version:
3.1.9-spring-cloud-config-3.1.16
Bug Fixes
- GCP Secret Manager backend restricts secret retrieval to an allow-list of project IDs (CVE-2026-40981).
- Directory traversal in
spring-cloud-config-serverresource lookups hardened with name, profile, and path validation (CVE-2026-40982). - File system manipulation hardened when using Git-backed repositories (CVE-2026-41002).
- AWS CodeCommit credential provider no longer logs credentials at trace level (CVE-2026-41004).
March 2026
3.1.15
Released Mar 26, 2026 Full Version:
3.1.9-spring-cloud-config-3.1.15
Bug Fixes
- Spring Cloud Config profile substitution can allow unintended access to files and enable SSRF attacks (CVE-2026-22739).
October 2025
3.1.14
Released Oct 1, 2025 Full Version:
3.1.9-spring-cloud-config-3.1.14
Dependency Upgrades
- Spring Cloud Bus (NES)
3.1.3-spring-cloud-bus-3.1.7
August 2025
3.1.13
Released Aug 25, 2025 Full Version:
3.1.9-spring-cloud-config-3.1.13
Dependency Upgrades
- Spring Cloud Build (NES)
3.1.9-spring-cloud-build-3.1.12 - Spring Cloud Bus (NES)
3.1.3-spring-cloud-bus-3.1.6 - Spring Cloud Commons (NES)
3.1.9-spring-cloud-commons-3.1.12 - Spring Vault (NES)
2.3.4-spring-vault-2.3.10
April 2025
3.1.12
Released Apr 8, 2025 Full Version:
3.1.9-spring-cloud-config-3.1.12
Bug Fixes
- This patches a bug in the Spring Cloud Config where, under certain conditions, the Vault token header may not be used in client requests to Vault CVE-2025-22232.
org.springframework.cloud:spring-cloud-config-server:3.1.9-spring-cloud-config-3.1.12
February 2025
3.1.11
Released Feb 24, 2025 Full Version:
3.1.9-spring-cloud-config-3.1.11
Notes
- Publish Spring Cloud Config under the
org.springframework.cloudgroup ID instead ofcom.herodevs.nes.springframework.cloud.
Dependency Upgrades
- Spring Cloud Build (NES):
3.1.9-spring-cloud-build-3.1.11 - Spring Cloud Bus (NES):
3.1.3-spring-cloud-bus-3.1.5 - Spring Cloud Commons (NES):
3.1.9-spring-cloud-commons-3.1.11 - Spring Cloud Vault (NES):
2.3.4-spring-vault-2.3.6
December 2024
3.1.10
Released Dec 23, 2024 Full Version:
3.1.9-spring-cloud-config-3.1.10
Notes
- This release originates from the open‑source Spring Cloud Config repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring Cloud Config
3.1.9. Full Version:3.1.9-spring-cloud-config-3.1.10
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh