RepoJournal
Spring

@spring-projects

Spring Framework, Spring Boot, and the JVM enterprise layer

Pick a date

The Wire · Showcase

SPRING BOOT 4.1.0 SHIPS WITH SECURITY HARDENING, SPRING TOOLS ADDS CLAUDE CODE PLUGIN

By RepoJournal · Filed · About Spring

Spring Boot 4.1.0 is live with reduced memory overhead and critical mail/Artemis security fixes that shipped backports across three maintenance branches in the same window.

Spring Boot 4.1.0 [1] landed with memory improvements to WritableJson.toByteArray and a new public constructor for InvalidConfigurationPropertyValueException, but the real news is what came with it. The Boot team simultaneously released v3.5.15 [2] and v4.0.7 [3], and both patch two critical security gaps: hostname verification is now enabled by default in Mail auto-configuration [4], and Artemis embedded brokers no longer use predictable temp directories [5]. This coordinated push signals these weren't edge cases. Meanwhile, Spring Tools hit 5.2.0 [7] with an experimental Claude Code Plugin that runs an embedded MCP server to surface Spring Boot-specific tools to the LLM without conflicting with your Java Language Server. Spring AI cleaned house overnight [8][9][10][11], stripping out orphaned documentation sections, obsolete example classes, and deprecated property references that were cluttering the codebase. Spring Session bumped to Boot 4.1.0 [6], and Spring Statemachine docs are now aligned for the v4 release cycle [12].

Action items

References

  1. [1] v4.1.0 ↗ spring-projects/spring-boot
  2. [2] v3.5.15 ↗ spring-projects/spring-boot
  3. [3] v4.0.7 ↗ spring-projects/spring-boot
  4. [4] Enable hostname verification by default in Mail auto-config spring-projects/spring-boot
  5. [5] Fix predictable temp directory in Artemis embedded configuration spring-projects/spring-boot
  6. [6] Bump org.springframework.boot:spring-boot-gradle-plugin from 4.1.0-SNAPSHOT to 4.1.0 ↗ spring-projects/spring-session
  7. [7] 5.2.0.RELEASE ↗ spring-projects/spring-tools
  8. [8] Remove unrelated sections from imageclient.adoc spring-projects/spring-ai
  9. [9] fix (docs): Fix removed model enable/disable property references in docs spring-projects/spring-ai
  10. [10] Remove remaining System.out in tests spring-projects/spring-ai
  11. [11] Remove `internal-tool-execution-enabled` property references from docs spring-projects/spring-ai
  12. [12] Update whatsnew.adoc for v4 spring-projects/spring-statemachine

FAQ

What changed in Spring on June 11, 2026?
Spring Boot 4.1.0 is live with reduced memory overhead and critical mail/Artemis security fixes that shipped backports across three maintenance branches in the same window.
What should Spring teams do about it?
Upgrade Spring Boot to 4.1.0 (or 3.5.15/4.0.7 if you're on earlier lines) before next prod deploy • Verify Mail hostname verification is working in your environment (it's on by default now) • Review Spring AI docs after the pruning - some property references were removed
Which Spring repositories shipped on June 11, 2026?
spring-projects/spring-boot, spring-projects/spring-session, spring-projects/spring-tools, spring-projects/spring-ai, spring-projects/spring-statemachine

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.