Spring Framework 6.1.21 and 6.2.8 releases fix CVE-2025-41234
Spring Framework versions 6.1.21 and 6.2.8 have been released with fixes and documentation improvements. Version 6.1.21 includes three fixes and will be included in Spring Boot 3.3.13. Version 6.2.8 includes thirty-nine fixes and will be included in Spring Boot 3.4.7 and 3.5.1. Both releases address CVE-2025-41234, a Reflected File Download (RFD) vulnerability involving the "Content-Disposition" header.

Open-source support for Spring Framework 5.3.x and 6.0.x has ended, and 6.1.x is the last OSS release of its generation. Commercial customers have access to a fix for the vulnerability in version 6.0.29; users without commercial support should upgrade to a supported open-source version. Spring Boot hotfix releases 3.1.17.1 and 3.2.15.1 are available for commercial customers using Spring Boot 2.7, 3.1, or 3.2. These commercial releases are accessible through a Spring Enterprise Subscription.