Spring Boot 4.1.0 M3: AMQP 1.0 Auto-Configuration and MongoDB Batch Support
Spring Boot 4.1.0 M3 shipped in mid-March 2026 as part of the coordinated Spring Framework milestone release wave. The headline addition is native support for the AMQP 1.0 protocol, which has been a long-standing gap for teams building cross-vendor messaging integrations. Boot 4.1.0 M3 introduces auto-configuration for AmqpConnectionFactory and AmqpClient interfaces, meaning a Spring Boot application can connect to any AMQP 1.0-compatible broker — including ActiveMQ Artemis, Azure Service Bus, and others — with the same zero-configuration approach that AMQP 0.9.1 (RabbitMQ) already enjoyed. The corresponding Spring AMQP 4.1.0 M3 release adds the @AmqpListener annotation and a QueueBuilder.classic() method for streamlined queue definitions.
A second addition is the new spring-boot-batch-data-mongodb module, which provides auto-configuration for Spring Batch backed by MongoDB. This fills a gap for teams that use MongoDB as their primary datastore and want Batch job repositories without standing up a relational database. The module handles JobRepository and JobExplorer configuration automatically when MongoDB is on the classpath, following the same pattern as the existing Spring Batch JDBC support.
Dependency management and autoconfiguration extension points see continued polish as the 4.1 line approaches a release candidate. Teams using Spring Boot 4.0.x for production should continue on that branch; 4.0.5 (released March 26) is the current stable release with 17 bug fixes and dependency upgrades.
Read more — InfoQ
Spring Data 2026.0.0 M2: Redis Pub/Sub Listeners, MongoDB bulkWrite, and Compare-and-Set
Spring Data 2026.0.0 M2 delivers several long-requested capabilities across the Redis and MongoDB modules. The most developer-visible addition is the @EnableRedisListeners annotation in Spring Data Redis, which provides a declarative model for subscribing to Redis pub/sub channels. Previously, registering a Redis message listener required explicit RedisMessageListenerContainer wiring; the new annotation-based approach follows the familiar @EnableJms / @EnableKafka pattern and handles container lifecycle automatically.
The Spring Data MongoDB module gains a bulkWrite() method on MongoOperations that accepts a mixed list of insert, update, and delete operations and executes them as a single atomic batch. Bulk writes reduce round-trips significantly for workflows that process multiple documents at once — for example, pipeline stages that upsert several records as part of a single business transaction. The implementation maps cleanly to the MongoDB driver's native BulkWrite API and returns a BulkWriteResult detailing counts per operation type.
Redis 8.4 compatibility receives two new operations: compare-and-set (set a value only if the current value matches) and compare-and-delete (delete a key only if the value matches), both with optional expiration parameters. These primitives are directly useful for implementing optimistic locking and distributed token invalidation without resorting to Lua scripts. The compare-and-set operation maps to Redis SETXX with the value guard check handled server-side, ensuring atomicity under concurrent writes.
Read more — InfoQ
Spring Security 7.1.0 M3 and 7.0.4: CVE-2026-22732, Expression Authorization, and IP Matching
Spring Security 7.1.0 M3 and the patch release 7.0.4 shipped simultaneously on March 19, 2026. The patch release addresses CVE-2026-22732, a vulnerability involving HTTP header caching that could allow crafted requests to bypass certain security checks; upgrading to 7.0.4 or 7.1.0 M3 is recommended for any application using header-based security conditions.
The 7.1.0 M3 release adds MessageExpressionAuthorizationManager, which brings Spring Security's powerful SpEL expression model to message-level authorization in Spring WebSocket and Spring Integration messaging contexts. Previously, fine-grained message authorization required custom AccessDecisionVoter implementations; the new class accepts SpEL expressions directly in @MessageMapping security configurations. This aligns message authorization with the @PreAuthorize / @PostAuthorize model that HTTP authorization has used for years.
The new InetAddressMatcher interface provides a cleaner API for IP address-based access control, supporting both IPv4 and IPv6 CIDR notation. It replaces the legacy IpAddressMatcher (which was IPv4-only) and integrates with the AuthorizationFilter chain, allowing constructs like requestMatchers(new InetAddressMatcher("10.0.0.0/8")).hasRole("INTERNAL") in security configuration.
The companion Spring for Apache Kafka 4.1.0 M2 release introduces a RENEW acknowledgment type with extended acquisition locks and improved error handling in ShareKafkaMessageListenerContainer for Kafka 3.9+ share group consumers.
Read more — Spring Blog
InfoQ Roundup — InfoQ
Spring AI 2.0.0 M3 and Spring Vault 4.1.0 M1
Spring AI 2.0.0 M3 introduces McpClientCustomizer, an interface for programmatically customizing named MCP client beans before they are finalized. Teams that need to apply transport-level configuration, inject custom headers, or apply per-tool retry policies can now do so through a well-defined extension point rather than overriding auto-configured beans. The release also improves builder patterns for ZhiPuAiChatOptions and OllamaChatOptions, making provider-specific configuration more consistent with the broader Spring AI options API.
Spring Vault 4.1.0 M1 lands as the initial milestone for the next minor version and introduces two significant abstractions for secrets management. The CertificateContainer provides lifecycle management for PKI certificates issued by Vault, handling renewal and rotation automatically so that applications using mutual TLS or client certificates do not need custom renewal logic. The ManagedSecret and SecretsRegistry APIs offer a higher-level model for referencing Vault secrets by logical name and resolving them at injection time, which simplifies dynamic secret rotation in long-running applications without application restarts.
Both of these milestones target the Spring 2026.1.0 release train (corresponding to Spring Boot 4.1.x). Teams building AI-native or secrets-sensitive Spring applications can test these features against the milestone artifacts by adding the Spring Milestones repository to their builds.
Read more — InfoQ
Links & Sources
You May Also Enjoy
