chore(deps): update plugin org.springframework.boot to v3.5.9

bullshitrequested to merge
renovate/spring-boot into main

This MR contains the following updates:

Package Change Age Confidence
org.springframework.boot (source) 3.4.43.5.9 age confidence

Release Notes

spring-projects/spring-boot (org.springframework.boot)

v3.5.9

🐞 Bug Fixes

  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #​48486
  • Profiles retained during AOT processing are not configured in a native image #​48475
  • NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #​48450
  • Redis health check reports an error when redis_version is missing from the INFO response #​48326
  • Parent's MeterRegistry beans are closed when child context closes #​48324
  • SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #​48271

📔 Documentation

  • Documentation has an outdated reference to the Jackson Kotlin Module #​48533
  • Caching documentation should clarify how to use a no-op implementation to run a test suite #​48531
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #​48526
  • License header in build samples is displayed in the reference documentation #​48477
  • Configuring Two DataSources How-To code sample is inconsistent #​48448
  • Improve javadoc for when to use class names rather than class references #​48395
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #​48359
  • Polish TestRestTemplate examples in the reference guide #​48335
  • Fix links to javadoc in the reference documentation #​48299
  • Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #​48265
  • Kotlin auto-configuration examples are not annotated with @AutoConfiguration #​48227
  • Infinispan Cache Documentation is outdated #​48217
  • Revise "Use Liquibase for test-only migrations" section in reference manual #​48169

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​banseok1216, @​berry120, @​dmitrysulman, @​geopark021, @​noojung, @​scottfrederick, @​vpavic, and @​youngledo

v3.5.8

⚠️ Noteworthy changes

🐞 Bug Fixes

  • Gradle war task does not exclude starter POMs from lib-provided #​48196
  • Testcontainers integration fails on Docker 29.0.0 #​48192
  • SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
  • Properties bound in the child management context ignore the parent's environment prefix #​48176
  • ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
  • Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
  • NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
  • Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
  • Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
  • Auto-configured JCacheMetrics cannot be customized #​48056
  • WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
  • Devtools Restarter does not work with a parameterless main method #​47987
  • Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
  • Docker response 407 is not handled correctly resulting in no error message #​47900
  • spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780

📔 Documentation

  • Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
  • Fix typo in PortInUseException Javadoc #​48133
  • Correct section about required setters in "Type-safe Configuration Properties" #​48130
  • Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
  • Document support for configuring servlet context init parameters using properties #​48111
  • Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
  • Use since attribute in configuration properties deprecation consistently #​47980
  • BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
  • Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
  • Document that Actuator endpoint may have at most one extension of each type #​47873
  • Limit Kotlin API documentation to Kotlin-specific APIs #​47859
  • Adapt AOTCache documentation to JEP 514 #​47274

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, @​siva-sai-udaygiri, @​tschut, and @​vpavic

v3.5.7

New Features

  • Add TWENTY_FIVE to JavaVersion enum #​47609

🐞 Bug Fixes

  • Signed jar verification fails when nested in an uber war running on an Oracle JVM #​47771
  • In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #​47737
  • Homebrew formula for the CLI should use libexec #​47722
  • When virtual threads are enabled, embedded Jetty does not use recommended virtual thread configuration #​47717
  • ClientHttpRequestFactoryRuntimeHints is missing timeout methods with Duration overloads #​47678
  • OnBeanCondition no longer correctly finds annotations on scoped target proxy beans #​47635
  • JavaVersion doesn't work reliably in native-image #​47620
  • LiquibaseEndpoint always uses defaultSchema instead of liquibaseSchema #​47346
  • Launcher fails to find main method when it is parameterless #​47311
  • Package private Main class using Java 25 is not found by build plugins #​47309
  • Bitnami legacy images are not automatically detected #​47275
  • Maven plugin does not provide an easy way to exclude optional dependencies from uber jar #​25403

📔 Documentation

  • Some spring.test.* properties are not documented #​47775
  • Dependency management for Maven AntRun Plugin is missing changelog link #​47744
  • Developing Your First Spring Boot Application has outdated tools #​47700
  • Include deprecated configuration properties in the reference documentation #​47669
  • Aggregated Javadoc should link to the proper version of JakartaEE #​47593
  • Update javadoc of TestRestTemplate following change to redirect behavior #​47474
  • Use non-deprecated syntax to configure sourceCompatibility #​47343
  • Fix link to Framework's @Bean annotation #​47330
  • Update managed dependency version override examples in documentation #​47306

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​DKARAGODIN, @​JinhyeokFang, @​Lublanski, @​Pankraz76, @​fhiyo, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, and @​xyraclius

v3.5.6

🐞 Bug Fixes

  • Quoted -D arguments break system property resolution on Linux with Spring AOT #​47166
  • Groovy Templates fails with an NPE when rendering an auto new line #​47139
  • available() does not behave correctly when reading stored entries from a NestedJarFile #​47057
  • spring-boot-docker-compose doesn't create service connections when image has registry host but not project #​47019
  • Flyway Ignore Migration Patterns setting can't be set to an empty string #​47013

📔 Documentation

  • Default value of server.tomcat.resource.cache-ttl is not documented #​47253
  • Document Java 25 support #​47245
  • Fix links to Flyway reference documentation #​46988
  • Clarify Javadoc of Customizer interfaces about overriding behavior #​46942

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chanwon-Seo, @​doljae, @​izeye, and @​quaff

v3.5.5

🐞 Bug Fixes

  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46909
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46844
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46758
  • Race condition in OutputCapture can result in stale data #​46721
  • Auto-configured WebClient no longer uses context's ReactorResourceFactory #​46673
  • Default value not detected for a field annoted with @Name #​46666
  • Missing metadata when using @Name with a constructor-bound property #​46663
  • Missing property for Spring Authorization Server's PAR endpoint #​46641
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46636
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46634
  • Auto-configured MockMvc ignores @FilterRegistration annotation #​46605
  • Failure to discover default value for a primitive should not lead to document its default value #​46561

📔 Documentation

  • Kotlin samples for configuration metadata are in the wrong package #​46857
  • Observability examples in the reference guide are missing the Kotlin version #​46798
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46769
  • Tracing samples in the reference guide are missing the Kotlin version #​46767
  • Improve Virtual Threads section to mention the changes in Java 24 #​46610
  • spring.test.webtestclient.timeout is not documented #​46588
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46585
  • Adapt deprecation level for management.health.influxdb.enabled #​46580
  • spring.test.mockmvc properties are not documented #​46578

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​deejay1, @​ganjisriver, @​izeye, @​jetflo, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.5.4

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46474
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46402
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46398
  • Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #​46351
  • Change in DefaultErrorAttributes alters the shape of API validation error responses #​46260
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46225
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46205
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46203
  • Permissions are applied inconsistently when building uber archives with Gradle #​46194
  • Environment variables using legacy dash format can no longer be bound #​46184
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46180
  • Executable JAR application class encounters performance issues #​46177
  • Executable JAR application class encounters performance issues #​46176
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​46174
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46170
  • SslInfo does not use its Clock when checking certificate validity #​46011

📔 Documentation

  • Fix description of spring.batch.job.enabled #​46247
  • Fix broken Kotlin examples in reference documentation #​46168
  • Add Logback Access Reactor Netty to community starters #​46060

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.5.3

🐞 Bug Fixes

  • Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46040

v3.5.2

🐞 Bug Fixes

  • IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice #​46032

v3.5.1

⚠️ Noteworthy Changes

  • This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

New Features

  • Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors #​42932

🐞 Bug Fixes

  • Executable JAR application class encounters performance issues when classpath URLs reference a host #​46028
  • Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46019
  • spring.couchbase.authentication.jks.private-key-password has no effect #​46006
  • Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46005
  • UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder #​45994
  • DataSouceBuilder can fail with a NPE when the driver is null #​45992
  • JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45980
  • ManagementContextAutoConfiguration adds a property source that degrades binding performance #​45968
  • ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable #​45955
  • It is not possible to opt-out of profile validation or use profile names that contain '.' #​45947
  • GraphQlProperties.DeprecatedSse is not annotated as deprecated #​45878
  • SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT #​45857
  • Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection #​45848
  • ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45803
  • Binding no longer works with sytem environment properties that are not upper case #​45741
  • ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45736
  • Default version of Awailitility is not compatible with Kotlin 1.9 baseline #​45673
  • Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE #​45670
  • Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 #​45669
  • SAML2 autoconfiguration is not imported by @WebMvcTest #​45666
  • Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 #​45660

📔 Documentation

  • Fix Docker security options links in Packaging OCI images sections #​46021
  • Improve documentation for configuring Spring Security with '/error' #​46009
  • Timestamps in Retrieving Audit Events examples do not match the accompanying text #​45997
  • Add SSL response structure to actuator info endpoint documentation #​45921
  • Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #​45915
  • Include configuration classes from all modules in the "Auto-configuration Classes" appendix #​45863
  • Links to Testcontainers javadoc for many classes not in the core testcontainers module do not work #​45844
  • Update documentation to reflect changes in TestRestTemplate's default redirect behavior #​45842
  • Deprecation replacement for spring.codec.* properties has a typo #​45743
  • Gradle Shadow Plugin link in the reference guide is outdated #​45740
  • Example of using prometheus-metrics-exporter-pushgateway has wrong artifactId #​45684
  • Document use of git-commit-id-maven-plugin consistently #​45683
  • Update javadoc of Configurer classes that apply sensible defaults to describe how they're typically used #​45656

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Peksa, @​Rutujakolte03, @​chanbinme, @​csbiy, @​davidlj95, @​izeye, @​juliojgd, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​quaff, @​shekharAggarwal, @​tanruian, and @​wonyongg

v3.5.0

Full release notes for Spring Boot 3.5 are available on the wiki.

New Features

  • Make heapdump endpoint restricted by default #​45624
  • Remove SSL status tag from metrics #​45602
  • Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507

🐞 Bug Fixes

  • Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
  • ValidationAutoConfiguration triggers early initialization of properties binding #​45618
  • Micrometer "enable" annotations property does not cover observed aspect #​45617
  • spring.graphql.sse.timeout is no longer exposed #​45613
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
  • IllegalStateException when extracting using layers a module with no code of its own #​45449
  • Removed spring.batch.initialize-schema property is still considered #​45380
  • ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
  • Custom default units declared on a field are ignored when binding properties in a native image #​45347
  • DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
  • Various spring.datasource properties are mistakenly marked as ignored #​45342
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
  • DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
  • Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
  • CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622

📔 Documentation

  • Document the java info contribution #​45634
  • Document the process info contribution #​45632
  • Document the os info contribution #​45630
  • Document typical spring.application.group and name use #​45628
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
  • Document the way that primary Kotlin constructors are used when binding #​45553
  • Improve "profile" reference documentation with additional admonitions #​45551
  • Improve setEnvironmentPrefix(...) reference documentation #​45376
  • Document all the available Testcontainers integrations #​45367
  • Document when a spring.config.import value is relative and when it is fixed #​45363
  • Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.13

🐞 Bug Fixes

  • RabbitHealthIndicator reports an error when version is missing from the connection's server properties #​48484
  • NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #​48446
  • Profiles retained during AOT processing are not configured in a native image #​48408
  • Redis health check reports an error when redis_version is missing from the INFO response #​48320
  • Parent's MeterRegistry beans are closed when child context closes #​48319

📔 Documentation

  • Caching documentation should clarify how to use a no-op implementation to run a test suite #​48529
  • Documentation has an outdated reference to the Jackson Kotlin Module #​48525
  • Document that the default rolling policy for Log4j2 requires logging.file.path to be set #​48524
  • License header in build samples is displayed in the reference documentation #​48474
  • Configuring Two DataSources How-To code sample is inconsistent #​48407
  • Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #​48358
  • Polish TestRestTemplate examples in the reference guide #​48334
  • Fix links to javadoc in the reference documentation #​48298
  • Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #​48264
  • Kotlin auto-configuration examples are not annotated with @AutoConfiguration #​48220
  • Infinispan Cache Documentation is outdated #​48191

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​berry120, @​dmitrysulman, @​geopark021, @​noojung, and @​youngledo

v3.4.12

⚠️ Noteworthy changes

🐞 Bug Fixes

  • Gradle war task does not exclude starter POMs from lib-provided #​48195
  • Testcontainers integration fails on Docker 29.0.0 #​48104
  • NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48117
  • Buildpack fails with recent Docker installs due to hardcoded version in URL #​48050
  • PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​47618
  • Image building may fail when specifying a platform if an image has already been built with a different platform #​47292
  • Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47285
  • WebSecurityCustomizer beans are excluded by WebMvcTest #​47255
  • Docker response 407 is not handled correctly resulting in no error message #​47180
  • Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​47141
  • New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​46665
  • Auto-configured JCacheMetrics cannot be customized #​46212
  • Properties bound in the child management context ignore the parent's environment prefix #​45858

📔 Documentation

  • Fix typo in PortInUseException Javadoc #​48124
  • Document support for configuring servlet context init parameters using properties #​47951
  • BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47903
  • Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47896
  • Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​47893
  • Limit Kotlin API documentation to Kotlin-specific APIs #​47763
  • Document that Actuator endpoint may have at most one extension of each type #​47740
  • Some spring.test.* properties are not documented #​47236
  • Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​47039
  • Clarify how warnings about soon-to-expire SSL certificates are reported #​45564
  • Correct section about required setters in "Type-safe Configuration Properties" #​43138

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​hojooo, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​siva-sai-udaygiri, and @​tschut

v3.4.11

🐞 Bug Fixes

  • In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #​47735
  • Homebrew formula for the CLI should use libexec #​47696
  • When virtual threads are enabled, embedded Jetty does not use recommended virtual thread configuration #​47690
  • ClientHttpRequestFactoryRuntimeHints is missing timeout methods with Duration overloads #​47675
  • OnBeanCondition no longer correctly finds annotations on scoped target proxy beans #​47633
  • JavaVersion doesn't work reliably in native-image #​47619
  • In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #​47408
  • LiquibaseEndpoint always uses defaultSchema instead of liquibaseSchema #​47300
  • Signed jar verification fails when nested in an uber war running on an Oracle JVM #​47284
  • Bitnami legacy images are not automatically detected #​46983

📔 Documentation

  • Dependency management for Maven AntRun Plugin is missing changelog link #​47732
  • Developing Your First Spring Boot Application has outdated tools #​47699
  • Include deprecated configuration properties in the reference documentation #​47622
  • Aggregated Javadoc should link to the proper version of JakartaEE #​47592
  • Use non-deprecated syntax to configure sourceCompatibility #​47339
  • Fix link to Framework's @Bean annotation #​47329
  • Update managed dependency version override examples in documentation #​47304

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​DKARAGODIN, @​Lublanski, @​fhiyo, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, and @​xyraclius

v3.4.10

🐞 Bug Fixes

  • available() does not behave correctly when reading stored entries from a NestedJarFile #​47056
  • Flyway Ignore Migration Patterns setting can't be set to an empty string #​46984
  • spring-boot-docker-compose doesn't create service connections when image has registry host but not project #​46974
  • Quoted -D arguments break system property resolution on Linux with Spring AOT #​46555

📔 Documentation

  • Default value of server.tomcat.resource.cache-ttl is not documented #​47252
  • Fix links to Flyway reference documentation #​46976
  • Clarify Javadoc of Customizer interfaces about overriding behavior #​46938

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Chanwon-Seo, @​doljae, @​izeye, and @​quaff

v3.4.9

🐞 Bug Fixes

  • Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46877
  • Performance critical tracing code has high overhead due to the use of the Stream API #​46838
  • SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46752
  • Race condition in OutputCapture can result in stale data #​46685
  • Default value not detected for a field annoted with @Name #​46662
  • Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46630
  • Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46627
  • Missing metadata when using @Name with a constructor-bound property #​46599
  • Failure to discover default value for a primitive should not lead to document its default value #​46551

📔 Documentation

  • Observability examples in the reference guide are missing the Kotlin version #​46775
  • Kotlin samples for configuration metadata are in the wrong package #​46774
  • Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46756
  • Tracing samples in the reference guide are missing the Kotlin version #​46699
  • spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46584
  • spring.test.webtestclient.timeout is not documented #​46577
  • spring.test.mockmvc properties are not documented #​46576
  • Adapt deprecation level for management.health.influxdb.enabled #​46574
  • Improve Virtual Threads section to mention the changes in Java 24 #​46547

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​Pankraz76, @​deejay1, @​ganjisriver, @​izeye, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.4.8

🐞 Bug Fixes

  • LambdaSafe.withFilter is not public #​46472
  • Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46401
  • Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46397
  • jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46214
  • Hash calculation for uber archive entries that require unpacking is inefficient #​46202
  • Permissions are applied inconsistently when building uber archives with Gradle #​46193
  • EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46178
  • Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46164
  • Executable JAR application class encounters performance issues #​46063
  • developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46043
  • Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46039
  • Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​45846

📔 Documentation

  • Fix description of spring.batch.job.enabled #​46228
  • Fix broken Kotlin examples in reference documentation #​46064

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​nosan, and @​quaff

v3.4.7

⚠️ Noteworthy Changes

  • This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

🐞 Bug Fixes

  • Executable JAR application class encounters performance issues when classpath URLs reference a host #​46027
  • Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46018
  • Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46004
  • DataSouceBuilder can fail with a NPE when the driver is null #​45991
  • JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45972
  • spring.couchbase.authentication.jks.private-key-password has no effect #​45883
  • ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45800
  • ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45728
  • SAML2 autoconfiguration is not imported by @WebMvcTest #​45650

📔 Documentation

  • Fix Docker security options links in Packaging OCI images sections #​46020
  • Improve documentation for configuring Spring Security with '/error' #​46008
  • Timestamps in Retrieving Audit Events examples do not match the accompanying text #​45996
  • Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #​45887
  • Include configuration classes from all modules in the "Auto-configuration Classes" appendix #​45861
  • Links to Testcontainers javadoc for many classes not in the core testcontainers module do not work #​45843
  • Add SSL response structure to actuator info endpoint documentation #​45792
  • Gradle Shadow Plugin link in the reference guide is outdated #​45739
  • Document use of git-commit-id-maven-plugin consistently #​45682
  • Update javadoc of Configurer classes that apply sensible defaults to describe how they're typically used #​45655
  • Clarify the situation with support for Prometheus PushGateway and the deprecated simpleclient #​45649

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​chanbinme, @​csbiy, @​davidlj95, @​izeye, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​quaff, @​shekharAggarwal, and @​wonyongg

v3.4.6

🐞 Bug Fixes

  • Micrometer "enable" annotations property does not cover observed aspect #​45616
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45548
  • IllegalStateException when extracting using layers a module with no code of its own #​45448
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45350
  • Custom default units declared on a field are ignored when binding properties in a native image #​45346
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45296

📔 Documentation

  • Document the java info contribution #​45633
  • Document the process info contribution #​45631
  • Document the os info contribution #​45629
  • Document typical spring.application.group and name use #​45627
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45625
  • Document the way that primary Kotlin constructors are used when binding #​45552
  • Improve "profile" reference documentation with additional admonitions #​45550
  • Improve setEnvironmentPrefix(...) reference documentation #​45375
  • Document all the available Testcontainers integrations #​45366
  • Document when a spring.config.import value is relative and when it is fixed #​45362
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45298

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.5

🐞 Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #​45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #​45235
  • Wrong jOOQ exception translator with empty db name #​45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #​45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #​45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #​45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #​45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #​45153
  • TypeUtils does not handle generics with identical names in different positions #​45039
  • HttpClient5 5.4.3 breaks local Docker transport #​45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #​45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #​44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #​44995
  • SSL config does not watch for symlink file changes #​44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #​44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #​44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #​44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #​44535
  • Logging a Path object using structured logging throws StackOverflowError #​44507

📔 Documentation

  • Make @Component a javadoc link #​45258
  • Fix documentation links to buildpacks.io #​45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #​45224
  • Show the use of token properties in authorization server clients configuration example #​45176
  • Add details of the purpose of the metrics endpoint #​45047
  • Escape the asterisk in spring-application.adoc #​45033
  • Add reference to Styra (OPA) Spring Boot SDK #​44976
  • Update CDS documentation to cover AOTCache #​44970
  • WebFlux security documentation incorrectly links to servlet classes #​44966
  • Replace mentions of deprecated MockBean annotation #​44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #​44908
  • Documentation lists coordinates for some dependencies that are not actually managed #​44879
  • Polish javadoc of SpringProfileAction #​44826

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EvaristeGalois11, @​MelleD, @​aahlenst, @​ali-jalaal, @​erichaagdev, @​florgust, @​geniusYoo, @​izeye, @​jonatan-ivanov, @​nenros, @​nevenc, @​ngocnhan-tran1996, @​nosan, @​quaff, and @​rainboyan

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by bullshit

Merge request reports