Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreSpring AMQP 4.1.0 Available
It is my pleasure today to share with you the Spring AMQP 4.1.0 is available with some new features and CVE fixes.
Notable changes in this release:
- All the dependencies upgaded to their latest major/minor versions.
- Generic AMQP 1.0 support via dedicated
spring-amqp-clientmodule based on ProtonJ 2. - Compatibility with RabbitMQ 4.3.
- The
SimpleMessageListenerContainerprovides option for immediate scale-down on dynamic consumers. - The JSON converters now "trust no one" by default.
Use * for trsustedPackages property to opt-in to the previous "trust all" behavior.
See the Release Notes and What's New for more information.
In addition, the Spring AMQP 3.2.11 & 4.0.4 with bug and CVE fixes are available.
CVEs fixed in this release
- CVE-2026-41701: Sequential correlation IDs enable reply poisoning on fixed reply queues
- CVE-2026-41714: The
RabbitConnectionFactoryBean.setUri("amqps://...")bypasses secure SSL setup, usesTrustEverythingTrustManager
Cheers,
Artem
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all