
Spring HATEOAS 3.1 GA, 3.0.7, and 2.5.3 released

On behalf of the community, I am excited to announce the availability of Spring HATEOAS 3.1 GA, 3.0.7, and 2.5.3. The GA release ships the usual dependency updates and a few polishes in link parsing.

CVE reports

These releases address the following CVEs:

- CVE-2026-41006 – Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration
- CVE-2026-41007 – Spring HATEOAS heap exhaustion through unbounded internal caching

Find more information in the full changelogs for 3.1 GA, 3.0.7, and 2.5.3.