Skip to main content

Spring Boot 4.1.0

Release Date: June 10, 2026

Spring Boot 4.1.0 has been released on June 10, 2026, bringing significant new features including native gRPC support, SSRF mitigation for HTTP clients, enhanced OpenTelemetry integration, and a host of dependency upgrades. This release removes all APIs deprecated in version 4.0 and lays the groundwork for the next generation of Spring applications.

Overview

Spring Boot 4.1.0 is the first feature release in the 4.x series following the landmark 4.0 release. It ships with Spring Framework 7.1, introduces several long-requested capabilities, and reflects the teams commitment to both innovation and developer productivity.

New Features

Native gRPC Support

Spring Boot 4.1 introduces auto-configuration for building gRPC server and client applications. Developers can write both standalone Netty-backed servers and Servlet HTTP/2-based servers using Spring Boots familiar configuration model. The gRPC support is provided through the new Spring gRPC project (version 1.1) and includes:

  • Auto-configuration for gRPC server and client beans
  • Integration with Spring Security for authentication and authorization
  • Built-in metrics and health checks for gRPC endpoints
  • Protobuf-based message serialization out of the box

SSRF Mitigation for HTTP Clients

A notable security enhancement in this release is built-in Server-Side Request Forgery (SSRF) protection for the WebClient and RestTemplate. The new ConnectionValidator allows developers to restrict which hosts, IP ranges, and ports the HTTP client is permitted to connect to — significantly reducing the attack surface in applications that make outbound HTTP calls.

OpenTelemetry Enhancements

The OpenTelemetry integration has been overhauled. Spring Boot 4.1 now supports the OpenTelemetry Protocol (OTLP) natively, enabling direct export of traces and metrics to any OTLP-compatible backend without additional agent configuration. Automatic instrumentation spans are now available for gRPC, R2DBC, and the new HTTP client interceptors.

Lazy JDBC Connection Fetching

JDBC connection handling receives a performance-oriented improvement. Connections are now fetched lazily from the pool when a statement is actually executed, rather than eagerly at the beginning of a transaction. This reduces connection pool contention and improves resource utilization in high-concurrency scenarios.

Dependency Upgrades

Spring Boot 4.1.0 upgrades to the latest versions of many Spring projects and third-party dependencies:

  • Spring Framework 7.1.0
  • Spring Data 2026.0.0
  • Spring Security 7.2.0
  • Spring gRPC 1.1.0
  • Spring Cloud 2025.1.0
  • Tomcat 11.0.5
  • Hibernate 7.1.0
  • Jackson 2.19.0

Deprecations and Removals

Following the deprecation policy established in Spring Boot 4.0, this release removes all APIs that were marked as deprecated in the previous version:

  • Layertools JAR mode removed — Use the tools mode instead
  • Apache Derby support deprecated — Deprecated in favor of H2 and HSQLDB
  • Deprecated endpoint IDs removed — Legacy actuator endpoint identifiers have been cleaned up

Miscellaneous

  • Support for loading layers configuration from the classpath with Maven
  • Skip tests and AOT processing refinements for container builds
  • Improved Docker Compose logging and service discovery
  • Better error messages when configuration properties cannot be bound

How to Upgrade

To upgrade an existing Spring Boot 4.0 application, update your Maven or Gradle configuration to reference version 4.1.0. The Spring Boot CLI users can use the spring init command with the new version. Review the release notes on GitHub for the complete list of changes and migration guidance.

Spring Boot 4.1.0 is available now from Maven Central. Visit the Spring Boot website for documentation, release notes, and getting-started guides.

What is New?

By continuing to use the site, you agree to the use of cookies.