The Wire · Showcase
SPRING FRAMEWORK FIXES MIME TYPE PARSER REGRESSION, AMQP CLOSES LOGBACK VULNERABILITY WINDOW
By RepoJournal · Filed · About Spring
Spring Framework patched a critical off-by-one error in MimeTypeUtils that was throwing the wrong exception on malformed input, while Spring AMQP moved aggressively to lock down conditional configuration processing in Logback.
Spring Framework addressed a regression introduced in recent changes to MimeTypeUtils.parseMimeType() [1] that exposed a StringIndexOutOfBoundsException instead of the expected InvalidMimeTypeException when parsing certain invalid MIME types, particularly quoted strings without semicolons. The fix is surgical: replacing the bounds check with a proper index validation to prevent array access violations. In parallel, Spring AMQP bumped Logback to 1.5.37 [2], which hardens conditional configuration processing and closes multiple vulnerability vectors related to unsafe Java expression evaluation in config files. Spring Session updated its CI infrastructure to actions/cache v6 [3], migrating to ESM and picking up performance improvements for workflow caching. Spring AI completed a workflow infrastructure refactor for its integration test suite [4], consolidating test execution paths. Spring Framework also merged maintenance branch updates [ref:7, ref:8] to keep version lines in sync.
Action items
- → Upgrade Spring AMQP to latest with Logback 1.5.37 in your next dependency refresh cycle spring-projects/spring-amqp [plan]
- → Update Spring Framework to pick up MimeTypeUtils fix if you parse user-supplied MIME types spring-projects/spring-framework [monitor]
- → Verify Spring Session builds complete successfully with actions/cache v6 spring-projects/spring-session [plan]
References
- [1] Fix off-by-one error in MimeTypeUtils.parseMimeType() spring-projects/spring-framework
- [2] Bump ch.qos.logback:logback-classic from 1.5.35 to 1.5.37 ↗ spring-projects/spring-amqp
- [3] Bump actions/cache from 5 to 6 ↗ spring-projects/spring-session
- [4] Move Spring AI integration tests' workflow ↗ spring-projects/spring-ai
- [5] Merge branch '7.0.x' spring-projects/spring-framework
- [6] Merge branch '7.0.x' spring-projects/spring-framework
FAQ
- What changed in Spring on June 27, 2026?
- Spring Framework patched a critical off-by-one error in MimeTypeUtils that was throwing the wrong exception on malformed input, while Spring AMQP moved aggressively to lock down conditional configuration processing in Logback.
- What should Spring teams do about it?
- Upgrade Spring AMQP to latest with Logback 1.5.37 in your next dependency refresh cycle • Update Spring Framework to pick up MimeTypeUtils fix if you parse user-supplied MIME types • Verify Spring Session builds complete successfully with actions/cache v6
- Which Spring repositories shipped on June 27, 2026?
- spring-projects/spring-framework, spring-projects/spring-amqp, spring-projects/spring-session, spring-projects/spring-ai