github spring-projects/spring-ai v1.0.6
Spring AI 1.0.6 - Bug fixes

latest release: v1.1.5
16 hours ago

Spring AI 1.0.6 Release Notes

🎯 Highlights

This release focuses on stability and security improvements. Key fixes include securing the transformer model cache directory, preventing a potential DoS vulnerability via malformed PDF files, and correcting conversation memory and vector store filter handling. Dependencies are upgraded to Spring Boot 3.5.14.

🪲 Bug Fixes

  • The default cache directory for transformer models is now secured with appropriate permissions to prevent unauthorized access to downloaded model files. 4881e0c
  • The CosmosDB vector store's delete method now uses parameterized queries, fixing a potential issue with query construction and improving safety. b32096e
  • Fixed a vulnerability where a specially crafted malformed PDF could cause excessive memory allocation, improving resilience against malicious or corrupted documents. 6a12b6f
  • Properly handles the conversationId filter in VectorStoreChatMemoryAdvisor, ensuring chat memory retrieval is correctly scoped to the intended conversation. 1e8135a
  • Corrects key handling in the vector store filter expression converter, ensuring filter expressions are properly translated across vector store implementations. eb763fd

🔨 Dependency Upgrades

  • Updated the Spring Boot dependency to version 3.5.14, incorporating the latest bug fixes and security patches from the Spring Boot project. aed3b27
  • Updated Spring Boot dependency to version 3.5.13 as an intermediate upgrade step. a1d3dee

🔩 Build Updates

  • Renamed JdbcChatMemoryRepositorySchemaInitializerPostgresqlTests to follow the standard integration test naming convention, ensuring correct test classification and execution. #5853

πŸ” Security

  • A malformed PDF could trigger excessive heap allocation during parsing. This fix adds safeguards to limit character buffer allocation, mitigating potential denial-of-service from crafted documents. 6a12b6f
  • The default cache directory used for storing downloaded transformer models is now created with restricted permissions, reducing the risk of unauthorized access to cached model artifacts. 4881e0c
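
The restricted-permission cache directory described in the Security notes above, as an added Java example that is not Spring AI's own code: it creates the directory as 0700 in a single step and refuses to reuse an existing path that is a symlink or is group- or world-accessible. It assumes a POSIX file system; `PrivateCacheDir`, `ensurePrivateDir` and the `model-cache` location are hypothetical names.

```java
import java.io.IOException;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.HashSet;
import java.util.Set;

public class PrivateCacheDir {
    private static final Set<PosixFilePermission> OWNER_ONLY = PosixFilePermissions.fromString("rwx------");

    /** Creates dir as 0700, or accepts an existing real directory only if it is already owner-only. */
    static Path ensurePrivateDir(Path dir) throws IOException {
        try {
            // The mode is applied as part of directory creation, so there is no window
            // between "mkdir" and "chmod". Assumption: POSIX file system; elsewhere
            // this call throws UnsupportedOperationException.
            return Files.createDirectory(dir, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        } catch (FileAlreadyExistsException e) {
            // A pre-existing path in a shared location may have been planted: refuse
            // symlinks and anything group- or world-accessible instead of reusing it.
            if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
                throw new IOException("Not a real directory: " + dir);
            }
            Set<PosixFilePermission> extra =
                    new HashSet<>(Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS));
            extra.removeAll(OWNER_ONLY);
            if (!extra.isEmpty()) {
                throw new IOException("Cache directory " + dir + " is too permissive: " + extra);
            }
            return dir;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo location; "model-cache" is a placeholder, not the project's path.
        Path parent = Files.createTempDirectory("cache-demo");
        Path cache = ensurePrivateDir(parent.resolve("model-cache"));
        System.out.println(cache + " -> " + PosixFilePermissions.toString(Files.getPosixFilePermissions(cache)));
        ensurePrivateDir(cache); // second call takes the "already exists" branch and passes
        Path loose = Files.createDirectory(parent.resolve("loose"));
        Files.setPosixFilePermissions(loose, PosixFilePermissions.fromString("rwxr-xr-x"));
        try {
            ensurePrivateDir(loose); // 0755 directory must be rejected
        } catch (IOException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```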

πŸ™ Contributors

Thanks to all contributors who made this release possible:
