Visit NES for Spring Home Page
Spring Framework 6.1.x Release Notes
6 versions
Comprehensive release notes and changelog for Spring Framework 6.1.x, including security patches, bug fixes, and feature updates across all supported versions.
April 2026
6.1.27
Released Apr 17, 2026 Full Version:
6.1.21-spring-framework-6.1.27
Bug Fixes
- DoS with Multipart Temp Files in WebFlux (CVE-2026-22740)
- Static resource cache poisoning in Spring MVC and WebFlux (CVE-2026-22741)
- Denial of service in static resource handling on Windows platforms (CVE-2026-22745)
March 2026
6.1.26
Released Mar 23, 2026 Full Version:
6.1.21-spring-framework-6.1.26
Bug Fixes
- SSE content spoofing via unvalidated
idandeventfield values inSseEmitterandServerSentEvent(CVE-2026-22735). - Path traversal via unvalidated template location in
ScriptTemplateView(CVE-2026-22737).
October 2025
6.1.25
Released Oct 17, 2025 Full Version:
6.1.21-spring-framework-6.1.25
Bug Fixes
- This patches the Spring Framework STOMP over websocket CSRF vulnerability (CVE-2025-41254).
September 2025
6.1.24
Released Sep 16, 2025 Full Version:
6.1.21-spring-framework-6.1.24
Bug Fixes
- This patches the Spring Framework annotation detection vulnerability (CVE-2025-41249).
August 2025
6.1.23
Released Aug 15, 2025 Full Version:
6.1.21-spring-framework-6.1.23
Bug Fixes
- Fixed a "Path Traversal Vulnerability" occurring in Spring web MVC applications deployed to a Servlet container that is not secured.
- This addresses CVE-2025-41242.
Dependency Upgrades
- Aspectj
1.9.24 - AssertJ
3.27.4
July 2025
6.1.22
Released Jul 11, 2025 Full Version:
6.1.21-spring-framework-6.1.22
Notes
- This release originates from the open‑source Spring Framework repository forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds. This release contains no functional changes from Spring Framework
6.1.21. Full Version:6.1.21-spring-framework-6.1.22
Stay in the loop
~/herodevs-spring-framework-support
herodevs@nes:open-source$ ./display-support-info.sh