This Week in Spring - June 30th, 2026

Engineering | Josh Long | June 30, 2026 | 2 min read | ...

Hi, Spring fans! Welcome to another installment of This Week in Spring, a weekly recap in which we review the latest and greatest in the wide and wonderful world of Spring. You probably already knew this. I don't know if I needed to mention it. But I like to. I've been doing this every week, nonstop, since January 2011.

I've just wrapped up a tour of Asia - Singapore; New Delhi, India; Bombay, India; Hyderabad, India; Tokyo, Japan; and Nagoya, Japan. It's been a ton of fun, but now I'm on some much-needed vacation in Kyoto, Japan and Okinawa, Japan. I plan on enjoying some downtime, chilling by the ocean and enjoying the amazing moment I find myself in. And what do I love to do when I'm relaxing? Learn, of course! And there's a ton to dive into this week in the wide and wonderful world of Spring.

  • Microsoft has a nice blog post on the new Spring AI 2.0 release and its integration with Azure Cosmos DB
  • Super cool: Craig Walls has a nice recipe on using voice with Spring AI and ElevenLabs Voices
  • Remember, as always: the latest and greatest version of Spring Boot (4.1) has been out for a few weeks, and with it a ton of new features and patches for CVEs. Here's how things work: researchers find vulnerabilities. Oftentimes these days, these vulnerabilities are discovered with AI. They come to us and disclose the vulnerability privately and responsibly. We validate and then fix the vulnerability and release that fix to Maven Central. We do this for at least all versions of a given project that are in open-source support. You can see the open-source support timelines by looking at a given project's support tab. For example, here's Spring Boot's. See those green bars? Those indicate open-source support. The yellow indicates paid, enterprise support. It's at that point - when the artifacts hit Maven Central - that you should be updating your code as quickly as possible. Sometime after, we then announce the CVE itself. The disclosure of those CVEs is a dinner bell for bad actors. You want to have your code updated and patched before the CVE shows up on this Spring Security Advisories page. AI has made the process of identifying CVEs a lot easier, and the volume of CVEs has increased manifold. We used to get maybe one or two CVEs a month. Starting earlier this year, that number started skyrocketing. Scroll the Security Advisories page and you will see dozens of CVEs, all announced in recent weeks. Please update! (There are a ton of cool features, too, of course.)
  • Speaking of new features, and I know I already wrote about this one before, but I love the new MongoDB-backed Spring Batch repositories, now supported with auto-configuration out of the box in Spring Boot 4.1, and so I wrote about it here
  • I love this new blog from Christian Tsolov called Self-Correcting Structured Output in Spring AI 2.0
  • Spring Boot 3.5.16 is available now.
  • Speaking of CVEs, DaShaun Carter and I talked about the state of CVEs here in this episode of the podcast
  • Did you see InfoQ's roundup of the latest and greatest in the Spring ecosystem?
  • Speaking of Japan, CodeZine has a nice (Japanese-language) series on Spring Boot - check it out!
  • Baeldung has a nice post on building agent skills with Spring AI
