Spring Data Commons 2.5.x Release Notes
4 versions
Comprehensive release notes and changelog for Spring Data Commons 2.5.x, including security patches, bug fixes, and feature updates across all supported versions.
June 2026
2.5.16
Released Jun 15, 2026. Full Version: 2.5.12-spring-data-commons-2.5.16
Bug Fixes
- Bounded recursion in PropertyPath resolution by consistently applying a maximum traversal depth, preventing a StackOverflowError denial of service when parsing Sort parameters (CVE-2026-41711).
- Replaced the unbounded per-type property cache used by QuerydslPredicateArgumentResolver and @ProjectedPayload binding with a one-pass fixed-size map in TypeDiscoverer, preventing heap exhaustion from attacker-supplied property names (CVE-2026-41716).
- Initialized MapDataBinder with a collection limit and tightened the proxying handler-method argument resolver, preventing excessive memory allocation when Spring Data Web Support is used together with a @ProjectedPayload controller method (CVE-2026-41721).
Dependency Upgrades
- Spring Data Build (NES) 2.5.12-spring-data-build-2.5.16
April 2026
2.5.15
Released Apr 23, 2026. Full Version: 2.5.12-spring-data-commons-2.5.15
Dependency Upgrades
- Spring Data Build (NES) 2.5.12-spring-data-build-2.5.15
March 2026
2.5.14
Released Mar 25, 2026. Full Version: 2.5.12-spring-data-commons-2.5.14
Dependency Upgrades
- Spring Data Build (NES) 2.5.12-spring-data-build-2.5.14
2.5.13
Released Mar 11, 2026. Full Version: 2.5.12-spring-data-commons-2.5.13
Notes
- This release originates from the open-source Spring Data Commons repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring Data Commons 2.5.12.
Dependency Upgrades
- Spring Data Build (NES) 2.5.12-spring-data-build-2.5.13