Inquiry on SCDF Release Plan for Spring Boot 3.x Migration and Security Vulnerabilities

[anludke]

Hi there,

I’m reaching out to inquire about the plan and timeline for releasing a version of Spring Cloud Data Flow (SCDF) that includes the migration from Spring Boot 2.x to 3.x.

Since the release of version 2.11.5 on Sep 19, 2024, there have been multiple pull requests addressing and enhancing the migration to Spring Boot 3.x, but these have not been rolled out in a new SCDF release yet. Given that Spring Boot 3.x fixes several important security vulnerabilities that are present in 2.x (including critical patches related to security flaws, dependency updates, and performance improvements), I’m curious whether the delay is due to the preparation for the major SCDF 3.x release planned for November 2025.

Please advise.

Thank you!

[cppwfs]

Hello @anludke ,
Thank you for the question.

• SCDF 2.11.x is end of OSS support. Therefore will not be upgraded to run on SB(Spring Boot) 3.x.
• SCDF 2.11.x is commercially available and will have fixes for CVEs, but will remain on SB 2.x.
• SCDF 3.x will be ultimately be based on SB 4.x, but part of this effort will be to first migrate to SB 3.x internally.
• SB 4.x will be available Q4 2025 followed by Spring Cloud 2025 in Q4 2025, then a SCDF 3.x will follow.