Spring News Roundup: First Milestone Releases of Boot, Security, Integration, Modulith, AMQP

The Spring ecosystem experienced a concentrated burst of development activity during the week of January 19th, 2026, with first milestone releases across five major projects. This coordinated update cycle reveals the framework's strategic direction toward supporting event-driven architectures, cloud-native patterns, and AI integration while maintaining its core enterprise Java foundation.

Spring Boot 4.1.0 M1: Enhanced Observability and Configuration

Spring Boot's first milestone for version 4.1.0 introduces two significant enhancements that address real-world deployment challenges. The new @AutoConfigureWebServer annotation enables developers to start a webserver with specific classes and a random port within @SpringBootTest contexts. This refinement solves a persistent testing pain point where developers needed to manually configure test environments for web applications, particularly when testing against multiple endpoints or services.

More substantially, the release adds automatic configuration for observability beans defined in Spring AMQP and Spring Kafka. This means metrics and tracing data from message brokers now flow directly into Spring Boot's Actuator endpoints without manual configuration. For teams running microservices with event-driven communication, this reduces the operational overhead of monitoring distributed systems. The automatic configuration detects broker connections and exposes relevant metrics like message throughput, latency, and error rates through standard Actuator endpoints.

The accompanying Spring Boot 4.0.2 maintenance release removes an unused Jetty dependency module (org.eclipse.jetty.ee11:jetty-ee11-servlets), demonstrating the project's commitment to lean dependency trees. This cleanup reduces the attack surface and deployment size for applications not using specific Jetty features.

Spring Security 7.1.0 M1: Contract Refinements

Spring Security's milestone focuses on API consistency and performance. The addition of nullability contracts to the PasswordEncoder.encode() method provides clearer API expectations for developers, reducing runtime errors from unexpected null inputs. This follows a broader industry trend toward explicit null handling in Java APIs.

The switch to using DefaultParameterNameDiscoverer.getSharedInstance() instead of creating custom instances reduces object allocation overhead in security configuration. While seemingly minor, this change demonstrates Spring's attention to performance optimization in security-critical code paths that execute on every request.

Spring Integration 7.1.0 M1: CloudEvents and gRPC Support

This release marks a significant expansion of Spring Integration's protocol support. The new spring-integration-cloudevents module provides native support for the CloudEvents specification, which defines a standard metadata format for event data across different services and platforms. This enables seamless event transformation between Spring Integration flows and cloud-native services like AWS EventBridge, Google Cloud Pub/Sub, or Azure Event Grid that use CloudEvents.

The spring-integration-grpc module introduces first-class gRPC support through new GrpcInboundGateway and GrpcOutboundGateway classes. gRPC has become the preferred protocol for high-performance service-to-service communication in cloud-native architectures, particularly for internal microservice communication. These gateways allow Spring Integration flows to:

• Act as gRPC servers receiving requests from gRPC clients
• Call external gRPC services as part of integration flows
• Maintain Spring Integration's familiar channel-based programming model

This integration is particularly valuable for organizations migrating from REST to gRPC while preserving existing Spring Integration investment. The gateway pattern abstracts protocol details, allowing developers to focus on business logic rather than serialization and transport concerns.

Spring Modulith 2.1.0 M1: Testing Enhancements

Spring Modulith continues to refine its module boundary testing capabilities. The ability to reset the TimeMachine instance after integration tests addresses a common testing challenge where time-based tests could interfere with subsequent test runs. This improves test isolation and reliability in CI/CD pipelines.

The new execute-all and execute-none options for the spring.modulith.test.on-no-changes property provide granular control over test execution. In large monoliths transitioning to modular architectures, running all module boundary tests on every change can be time-consuming. These options allow teams to:

• Skip all tests when no module boundaries changed (for rapid development)
• Force full test execution for release builds
• Configure different strategies for different environments

Spring AI 2.0.0 M2: Vector Store Expansion

The second milestone of Spring AI 2.0.0 demonstrates the framework's rapid maturation in the AI space. The addition of McpSyncServerCustomizer and McpAsyncServerCustomizer interfaces resolves autoconfiguration issues in non-web application contexts, making Spring AI more flexible for serverless or message-driven AI workloads.

More significantly, the release adds vector store backends for Amazon S3, Amazon Bedrock Knowledge Base, and Infinispan. Vector stores are essential for retrieval-augmented generation (RAG) patterns, where AI models query external knowledge bases. Each backend serves different use cases:

• Amazon S3: Cost-effective storage for large document corpora with simple retrieval patterns
• Amazon Bedrock Knowledge Base: Managed service with built-in semantic search and document chunking
• Infinispan: Distributed in-memory cache for low-latency vector lookups in high-throughput scenarios

This expansion allows organizations to choose vector storage based on their existing infrastructure and performance requirements rather than being locked into a single provider.

Spring AMQP 4.1.0 M1: Container Abstraction

The new AmqpMessageListenerContainer class provides a more flexible container abstraction for message listeners. While similar to RabbitAmqpListenerContainer, this new class offers a cleaner separation of concerns and better extensibility for custom message handling scenarios.

The @EnableAmqp annotation simplifies configuration by automatically importing AmqpDefaultConfiguration. This reduces boilerplate configuration code and ensures consistent setup across projects, particularly valuable for teams establishing new AMQP-based services.

Strategic Implications for Enterprise Architecture

These coordinated releases reveal several architectural patterns taking shape in the Spring ecosystem:

Event-Driven Architecture First: The CloudEvents support in Spring Integration and enhanced observability for message brokers in Spring Boot indicate a strategic bet on event-driven patterns as the primary communication method between services.

Protocol Agnosticism: gRPC support alongside existing HTTP and messaging protocols shows Spring's commitment to letting architects choose the right protocol for each communication pattern rather than prescribing a single approach.

AI Integration as a First-Class Concern: The rapid iteration on Spring AI, particularly vector store support, positions Spring as a viable platform for building AI-powered applications without abandoning Java's enterprise strengths.

Modular Monolith Transition: Spring Modulith's testing enhancements acknowledge that many organizations are taking an incremental approach to microservices, starting with well-defined module boundaries within monoliths.

Practical Considerations for Adoption

For teams considering these updates:

• Spring Boot 4.1.0 M1 requires testing the new webserver configuration in existing test suites, particularly where custom port management was implemented
• Spring Integration 7.1.0 M1's gRPC support may require updating build configurations to include gRPC dependencies and protobuf compilation
• Spring AI 2.0.0 M2's vector store changes include breaking changes that require updating existing vector store configurations
• All milestone releases should be tested in development environments before production adoption, as they represent early access to new features

The coordinated nature of these releases suggests Spring's development teams are aligning around common architectural patterns, making it easier to adopt multiple Spring projects together while maintaining consistency across the stack.

Michael Redlich, Java Champion and Director at GSJUG, has been an active member of the Java community for 25 years and serves as a committer on the Jakarta NoSQL and Jakarta Data specifications.