The Wire · Showcase
SPRING STACK TIGHTENS SECURITY AND DEPRECATION CYCLE
By RepoJournal · Filed · About Spring
Spring Boot restores critical Spring Security integration with HtmlUnitDriver after a missed bean registration, while Spring AI begins retiring legacy Mistral models ahead of 2.0.0-RC1.
Spring Boot fixed a regression where securityDelegateMockMvcHtmlUnitDriverCustomizer lost its @Bean annotation, breaking Spring Security integration with HtmlUnitDriver [1]. This is the kind of subtle autowiring bug that ships silently and breaks tests downstream. In the same release cycle, Spring Boot addressed SSL enablement logic across Cassandra, Redis, and MongoDB [2], ensuring empty bundle overrides are treated as unset rather than enabled, matching RabbitMQ's existing behavior. Spring AI is actively managing its Mistral model portfolio ahead of 2.0.0-RC1, removing devstral-medium-latest and retiring devstral-small-latest while deprecating three additional models [9]. Dependency housekeeping continues across the ecosystem: Jackson 2.21.4 and 3.1.4 are rolling out across Spring Integration and Spring Kafka [3][4][5][6], while Kafka itself advances to 4.2.1 [7]. MongoDB driver bumps to 5.7.1 with improved OSGi support [8]. Spring Boot also removed stale gRPC 3rd party starter references from documentation [10].
Action items
- → Test HtmlUnitDriver integration if using Spring Security mock MVC in your test suite spring-projects/spring-boot [plan]
- → Review SSL bundle configuration for Cassandra, Redis, and MongoDB if using empty string overrides spring-projects/spring-boot [monitor]
- → Update Mistral model references before Spring AI 2.0.0-RC1 if using deprecated models spring-projects/spring-ai [plan]
- → Pull Jackson 2.21.4 and 3.1.4 in your next dependency refresh spring-projects/spring-integration [monitor]
References
- [1] Restore Spring Security integration with HtmlUnitDriver spring-projects/spring-boot
- [2] SSL should not be enabled when a SSL bundle is overridden to an empty string ↗ spring-projects/spring-boot
- [3] Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 ↗ spring-projects/spring-integration
- [4] Bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.21.4 ↗ spring-projects/spring-integration
- [5] Bump com.fasterxml.jackson:jackson-bom from 2.21.3 to 2.21.4 ↗ spring-projects/spring-kafka
- [6] Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 ↗ spring-projects/spring-kafka
- [7] Bump kafkaVersion from 4.2.0 to 4.2.1 ↗ spring-projects/spring-kafka
- [8] Bump org.mongodb:mongodb-driver-bom from 5.7.0 to 5.7.1 ↗ spring-projects/spring-integration
- [9] Update Mistral AI chat models ↗ spring-projects/spring-ai
- [10] Remove gRPC 3rd party starter reference spring-projects/spring-boot
FAQ
- What changed in Spring on May 31, 2026?
- Spring Boot restores critical Spring Security integration with HtmlUnitDriver after a missed bean registration, while Spring AI begins retiring legacy Mistral models ahead of 2.0.0-RC1.
- What should Spring teams do about it?
- Test HtmlUnitDriver integration if using Spring Security mock MVC in your test suite • Review SSL bundle configuration for Cassandra, Redis, and MongoDB if using empty string overrides • Update Mistral model references before Spring AI 2.0.0-RC1 if using deprecated models
- Which Spring repositories shipped on May 31, 2026?
- spring-projects/spring-boot, spring-projects/spring-integration, spring-projects/spring-kafka, spring-projects/spring-ai