RepoJournal
Spring

@spring-projects

Spring Framework, Spring Boot, and the JVM enterprise layer

Pick a date

  1. Sat 16 may
  2. Sun 17 may
  3. Mon 18 may
  4. Tue 19 may
  5. Wed 20 may
  6. Thu 21 may
  7. Sat 23 may
  8. Sun 24 may
  9. Mon 25 may
  10. Tue 26 may
  11. Wed 27 may
  12. Thu 28 may
  13. Fri 29 may
  14. Sat 30 may
  15. Sun 31 may
  16. Mon 1 jun
  17. Mon 8 jun
  18. Tue 9 jun
  19. Today 10 jun

The Wire · Showcase

SPRING AI STREAMING FIX PATCHES SILENT DATA LOSS, SECURITY PROJECTS PIN NODE 24.15

By RepoJournal · Filed · About Spring

Spring AI 2.0.0-M7 ships a critical reactive streaming fix that was dropping response chunks in production, while security teams across the stack locked Node to 24.15 after Node 24.16 broke docs builds.

The Spring AI team patched a nasty bug in ChatModel streaming where the reactive switchMap operator was silently discarding parts of streamed responses when downstream processing stalled [1]. This is the kind of bug that ships to production unnoticed, so if you're on Spring AI 2.x and streaming, pull this immediately [2]. The fix is already backported. Spring AI also shipped M7 with the ToolSpec fluent API and CosmosDB components removed, plus a breaking change to MCP SDK 2.0.0-M3 where `model` and `maxTokens` are now mandatory at construction time [3], [4]. Meanwhile, Spring Security, Spring Session, and Spring LDAP all pinned Node 24.15 after upgrading to 24.16 broke Antora docs builds overnight [5], [6], [7]. Spring Tools merged a fix for version validation to respect commercial repository configuration in the build file [8], and Spring Security applied a breaking change restricting the PathPatternRequestMatcher.Builder bean to application endpoints only [9].

Action items

References

  1. [1] fix: Avoid switchMap in ChatModel streaming ↗ spring-projects/spring-ai
  2. [2] fix: Avoid switchMap in ChatModel streaming (#6124) spring-projects/spring-ai
  3. [3] Spring AI 2.0.0-M7 ↗ spring-projects/spring-ai
  4. [4] Update tests and docs for MCP SDK 2.0.0-M3 breaking API changes spring-projects/spring-ai
  5. [5] Update NodeJS to 24.15 spring-projects/spring-security
  6. [6] Update NodeJS to 24.15 spring-projects/spring-session
  7. [7] Update NodeJS to 24.15 spring-projects/spring-ldap
  8. [8] Version validation based on repos setup in build file and commercial repo in settings (#1893) spring-projects/spring-tools
  9. [9] Apply Builder Bean Only to Application Endpoints spring-projects/spring-security

FAQ

What changed in Spring on May 23, 2026?
Spring AI 2.0.0-M7 ships a critical reactive streaming fix that was dropping response chunks in production, while security teams across the stack locked Node to 24.15 after Node 24.16 broke docs builds.
What should Spring teams do about it?
Update Spring AI to 2.0.0-M7 immediately if streaming ChatModel responses • Review MCP SDK 2.0.0-M3 integration for mandatory field changes before upgrading • Verify Spring Security PathPatternRequestMatcher.Builder bean scope if customizing matchers
Which Spring repositories shipped on May 23, 2026?
spring-projects/spring-ai, spring-projects/spring-security, spring-projects/spring-session, spring-projects/spring-ldap, spring-projects/spring-tools

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.