The Wire · Showcase
SPRING-AI STRIPS BLOAT, SPRING-BOOT PATCHES FILE DESCRIPTOR LEAK
By RepoJournal · Filed · About Spring
Spring AI is cutting unnecessary dependencies and deprecating its ChatClient customizer in a cleanup push that signals cleaner architecture ahead.
Spring AI merged four cleanup commits that remove transitive dependency bloat [1][2][3], including spring-boot-jdbc from Redis modules and redundant starter dependencies that were already inherited. These removals ship alongside a ChatClient customizer deprecation [4] that introduces ChatClientBuilderCustomizer to replace it, updating the entire builder pattern in one sweep. Over in Spring Boot, a critical file descriptor leak in InspectingOutputStream went unpatched until now [5], with the stream failing to close its underlying FileOutputStream delegate when content exceeds the 4KB memory limit, leaving handles dangling. The same session also fixed an RSocket-specific null pointer exception in SSL bundle lookups [6] that was already corrected in the shared customizer but missed in RSocket's modularized copy. Rounding out the day: Jackson bumped to 3.1.4 across both Security and Session [7][8][9], mockk updated to 1.14.11 with matcher improvements [10], and documentation corrections landed for Gradle module replacement references [11][12][13].
Action items
- → Upgrade Spring Boot before next deploy to patch FileOutputStream leak spring-projects/spring-boot [immediate]
- → Review Spring AI ChatClient customizer usage, plan migration to ChatClientBuilderCustomizer spring-projects/spring-ai [plan]
- → Bump Jackson to 3.1.4 across Security and Session projects spring-projects/spring-security [plan]
- → Monitor RSocket SSL bundle handling in next Spring Boot release spring-projects/spring-boot [monitor]
References
- [1] Remove accidental spring-boot-jdbc from redis related modules spring-projects/spring-ai
- [2] Remove spring-boot-starter-test spring-projects/spring-ai
- [3] Remove spring-boot-starter spring-projects/spring-ai
- [4] Deprecate and rename ChatClient customizer ↗ spring-projects/spring-ai
- [5] Close FileOutputStream delegate in InspectingOutputStream ↗ spring-projects/spring-boot
- [6] NullPointerException in reactor-netty SniProvider and unmapped SSL bundle with RSocket ↗ spring-projects/spring-boot
- [7] Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 ↗ spring-projects/spring-security
- [8] Bump tools.jackson:jackson-bom from 3.1.3 to 3.1.4 ↗ spring-projects/spring-session
- [9] Bump tools.jackson.core:jackson-databind from 3.1.3 to 3.1.4 ↗ spring-projects/spring-session
- [10] Bump io.mockk:mockk from 1.14.9 to 1.14.11 ↗ spring-projects/spring-security
- [11] Merge pull request #50641 from ngocnhan-tran1996 spring-projects/spring-boot
- [12] Fix reference to Gradle's module replacement section spring-projects/spring-boot
- [13] Fix reference to Gradle documentation for module replacement ↗ spring-projects/spring-boot
FAQ
- What changed in Spring on June 1, 2026?
- Spring AI is cutting unnecessary dependencies and deprecating its ChatClient customizer in a cleanup push that signals cleaner architecture ahead.
- What should Spring teams do about it?
- Upgrade Spring Boot before next deploy to patch FileOutputStream leak • Review Spring AI ChatClient customizer usage, plan migration to ChatClientBuilderCustomizer • Bump Jackson to 3.1.4 across Security and Session projects
- Which Spring repositories shipped on June 1, 2026?
- spring-projects/spring-ai, spring-projects/spring-boot, spring-projects/spring-security, spring-projects/spring-session