Visit NES for Spring Home Page
Spring Cloud Config 4.1.x Release Notes
3 versions
Comprehensive release notes and changelog for Spring Cloud Config 4.1.x, including security patches, bug fixes, and feature updates across all supported versions.
May 2026
4.1.10
Released May 7, 2026 Full Version:
4.1.7-spring-cloud-config-4.1.10
Bug Fixes
- GCP Secret Manager backend restricts secret retrieval to an allow-list of project IDs (CVE-2026-40981).
- Directory traversal in
spring-cloud-config-serverresource lookups hardened with name, profile, and path validation (CVE-2026-40982). - File system manipulation hardened when using Git-backed repositories (CVE-2026-41002).
- AWS CodeCommit credential provider no longer logs credentials at trace level (CVE-2026-41004).
March 2026
4.1.9
Released Mar 26, 2026 Full Version:
4.1.7-spring-cloud-config-4.1.9
Bug Fixes
- Spring Cloud Config profile substitution can allow unintended access to files and enable SSRF attacks (CVE-2026-22739).
September 2025
4.1.8
Released Sep 12, 2025 Full Version:
4.1.7-spring-cloud-config-4.1.8
Notes
- This release originates from the open‑source Spring Cloud Config repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring Cloud Config
4.1.7.
Dependency Upgrades
- Spring Cloud Build (NES)
4.1.6-spring-cloud-build-4.1.7 - Spring Cloud Bus (NES)
4.1.3-spring-cloud-bus-4.1.4 - Spring Cloud Commons (NES)
4.1.6-spring-cloud-commons-4.1.7Full Version:4.1.7-spring-cloud-config-4.1.8
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh