PatchSiren

Spring CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | Spring CVE | published 2026-05-09

CVE-2026-41705

CVE-2026-41705 affects Spring AI's MilvusVectorStore#doDelete(List) path, where unsanitized document IDs can be used to inject filter expressions. The vendor guidance says Spring AI 1.0.x should be upgraded to 1.0.7 or later, and Spring AI 1.1.x should be upgraded to 1.1.6 or later.