Spring AI 1.1.6 Requires Explicit Conversation IDs for Chat Memory

Source Summary

What It Contains

Spring AI's official 1.1.6 release notes describe a breaking change for chat memory advisors: applications must now supply an explicit conversation ID, and PromptChatMemoryAdvisor is deprecated in favor of the newer advisor pattern.

Extracted Claims

• Chat memory advisors now require an explicit conversation ID.
• The change affects how chat memory is scoped and managed.
• Applications that relied on implicit conversation IDs must be updated to supply an explicit ID.
• The release also updated MCP SDK dependencies and includes unrelated bug fixes and documentation updates.

Evidence Quality

Primary release notes from the Spring AI project. This is not presented by the upstream project as a security vulnerability or incident. It is useful as fresh implementation evidence for a broader hardening pattern: agent memory scope should be explicit, auditable, and intentionally bound to the correct user, task, tenant, or session.

Relevance To Armorer

OpenClaw-style local agent frameworks and Armorer-managed deployments often combine persistent context, tools, credentials, and delegated actions. Ambiguous memory scoping can blur boundaries between sessions or workflows. Armorer can use this source to reinforce controls for explicit session identity, memory isolation, logging, runtime policy checks, and oversight before persistent context is reused in sensitive tasks.

Follow-Up

• Track whether other agent frameworks are moving from implicit to explicit memory/session identifiers.
• Consider automated health checks that flag agent workflows with persistent memory but no visible session, tenant, or conversation boundary.