The Wire · Showcase
SPRING FRAMEWORK TIGHTENS RESOURCE SECURITY, NEO4J FIXES CONVERSION LOGIC
By RepoJournal · Filed · About Spring
Spring Framework reinstated critical resource location validation checks that prevent unauthorized static resource resolution in sensitive directories.
Spring Framework merged a fix that restores invalid resource location checks [2], closing a gap where certain paths were incorrectly treated as valid. This matters: the original removal in gh-36695 created a security surface that's now sealed. Meanwhile, Spring Data Neo4j shipped a propertyType matching fix [3] that corrects how custom conversions are resolved, addressing edge cases where type matching could fail silently during persistence operations. On the dependency front, Spring AMQP bumped JUnit to 6.1.2 [1], a patch release that tightens test infrastructure. These are maintenance-grade updates across the stack, no breaking changes, no emergency patches required.
Action items
- → Merge Spring Framework resource location fix into your build if you're on a recent snapshot spring-projects/spring-framework [plan]
- → Test Spring Data Neo4j custom conversions after upgrading if you rely on type matching spring-projects/spring-data-neo4j [monitor]
References
- [1] Bump org.junit:junit-bom from 6.1.1 to 6.1.2 ↗ spring-projects/spring-amqp
- [2] Reinstate invalid resource location checks spring-projects/spring-framework
- [3] Fixing propertyType matching for custom conversions ↗ spring-projects/spring-data-neo4j