Download Latest Version Spring AI 1.1.6 source code.tar.gz (60.0 MB)
Email in envelope

Get an email when there's a new version of Spring AI

Home / v1.0.6
Name Modified Size InfoDownloads / Week
Parent folder
README.md 2026-04-27 3.5 kB
0
Spring AI 1.0.6 - Bug fixes source code.tar.gz 2026-04-27 57.6 MB
0
Spring AI 1.0.6 - Bug fixes source code.zip 2026-04-27 60.4 MB
0
Totals: 3 Items   118.0 MB 0

Spring AI 1.0.6 Release Notes

🎯 Highlights

This release focuses on stability and security improvements. Key fixes include securing the transformer model cache directory, preventing a potential DoS vulnerability via malformed PDF files, and correcting conversation memory and vector store filter handling. Dependencies are upgraded to Spring Boot 3.5.14.

🪲 Bug Fixes

  • The default cache directory for transformer models is now secured with appropriate permissions to prevent unauthorized access to downloaded model files. 4881e0c
  • The CosmosDB vector store's delete method now uses parameterized queries, fixing a potential issue with query construction and improving safety. b32096e
  • Fixed a vulnerability where a specially crafted malformed PDF could cause excessive memory allocation, improving resilience against malicious or corrupted documents. 6a12b6f
  • Properly handles the conversationId filter in VectorStoreChatMemoryAdvisor, ensuring chat memory retrieval is correctly scoped to the intended conversation. 1e8135a
  • Corrects key handling in the vector store filter expression converter, ensuring filter expressions are properly translated across vector store implementations. eb763fd

🔨 Dependency Upgrades

  • Updated the Spring Boot dependency to version 3.5.14, incorporating the latest bug fixes and security patches from the Spring Boot project. aed3b27
  • Updated Spring Boot dependency to version 3.5.13 as an intermediate upgrade step. a1d3dee

🔩 Build Updates

  • Renamed JdbcChatMemoryRepositorySchemaInitializerPostgresqlTests to follow the standard integration test naming convention, ensuring correct test classification and execution. #5853

🔐 Security

  • A malformed PDF could trigger excessive heap allocation during parsing. This fix adds safeguards to limit character buffer allocation, mitigating potential denial-of-service from crafted documents. 6a12b6f
  • The default cache directory used for storing downloaded transformer models is now created with restricted permissions, reducing the risk of unauthorized access to cached model artifacts. 4881e0c

🙏 Contributors

Thanks to all contributors who made this release possible:

Source: README.md, updated 2026-04-27