Best of Spring BootApril 2026

  1. 1
    Article
    Avatar of newstackThe New Stack·7w

    In the AI Age, Java is More Relevant Than Ever

    Java is positioned as a strong choice for AI development in enterprise environments, not just Python. The JVM's runtime efficiency makes it cost-effective for AI workloads where budget spent on compute competes with token costs. Frameworks like LangChain4j, Spring AI, and embabel bring first-class AI capabilities to Java. AI coding assistants like GitHub Copilot and Cursor are now highly proficient at Java, especially with popular frameworks like Spring Boot. Java's verbosity becomes an advantage in the AI age since AI-generated code is easier for developers to read and review. AI agents are also enabling continuous modernization of legacy Java codebases, turning a historically expensive one-off project into an ongoing process. Microsoft's JDConf is highlighted as a venue for Java practitioners to explore AI-in-Java topics.

  2. 2
    Article
    Avatar of foojayioFoojay.io·5w

    Spring Boot 3.5 EOL — The CVE Blind Spot Nobody Talks About

    Spring Boot 3.5 reaches end of open-source support on June 30, 2026, but the real risk isn't the migration — it's what happens to CVE reporting afterward. Once a project goes EOL, security researchers stop filing reports against it, maintainers stop triaging, and the CVE pipeline dries up. Vulnerabilities don't disappear; they just stop being recorded. Bad actors exploit this gap by testing CVEs found in supported branches against EOL versions that will never receive patches. Spring Boot 2.7's post-EOL trajectory (e.g., CVE-2024-38807 with no open-source fix) illustrates the pattern. Teams still on 3.5 after June 2026 risk running what the author calls 'zombie dependencies' — technically present, functionally dead from a security standpoint, with scanners showing green while hidden vulnerabilities accumulate. The advice: assess the 3.5-to-4.0 migration scope now, before the silence sets in.

  3. 3
    Article
    Avatar of baeldungBaeldung·5w

    Introduction to Spring Data AOT Repositories

    Spring Data AOT Repositories is a new feature coming in Spring Boot 4 that shifts repository preparation from runtime to build time. Previously, Spring Data used runtime reflection and dynamic proxies to implement repository interfaces via SimpleJpaRepository. With AOT Repositories enabled, Spring generates concrete repository implementation classes (e.g., UserRepositoryImpl__AotRepository) at compile time, eliminating most runtime reflection and proxy overhead. The article walks through the evolution across three modes: no AOT, AOT without repository optimization, and full AOT Repositories. Performance benchmarks show startup time improvements (10.1s → 9.9s → 8.7s) and faster build times come at the cost of longer compile times (11s → 17s → 25s). A notable benefit is compile-time detection of JPA query errors. The feature is enabled by setting spring.aot.repositories.enabled=true alongside spring.aot.enabled=true.

  4. 4
    Article
    Avatar of baeldungBaeldung·6w

    Getting a Cron Expression From Database for a Spring Boot Scheduled Job

    Two approaches for loading cron expressions from a database in Spring Boot are compared. The first uses a Spring bean (cronLoader) referenced via SpEL in @Scheduled, which is simple but only reads the value once at startup. The second uses SchedulingConfigurer to register a trigger task that re-reads the cron expression from the database before each execution, enabling runtime schedule changes without restarting the application. An H2 in-memory database with JPA is used for demonstration, along with a REST endpoint to update the cron value on the fly.

  5. 5
    Article
    Avatar of baeldungBaeldung·7w

    Multi-Factor Authentication in Spring Security 7

    Spring Security 7 introduces native multi-factor authentication (MFA) support using a factor-based authority model. Each successful authentication step grants a FactorGrantedAuthority to the user's security context. The new @EnableMultiFactorAuthentication annotation enables MFA globally, while AuthorizationManagerFactory allows applying MFA rules to specific endpoints. The post covers global MFA setup, endpoint-specific rules, time-based re-authentication requirements, user-based conditional MFA, and unit testing MFA flows with Spring Security test utilities.

  6. 6
    Article
    Avatar of foojayioFoojay.io·4w

    Dockerizing a Java 26 Project with Docker Init

    A step-by-step guide to containerizing a Java 26 Spring Boot project using Docker Init, the interactive wizard introduced in Docker Desktop 4.27. Docker Init automatically generates a multi-stage Dockerfile, compose.yaml, .dockerignore, and README. The guide covers project setup via Spring Initializr, running docker init, understanding the generated four-stage Dockerfile (dependency resolution, compilation, Spring Boot layer extraction, and minimal runtime image with a non-root user), and a workaround for Java 26 base images using SAP Machine instead of Eclipse Temurin while the latter catches up. A simple REST controller is added to verify the running container.

See all Spring Boot archives