Skip to content

[backend] Update spring boot to v3.5.0 (release/current) #2621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: release/current
Choose a base branch
from
Open

[backend] Update spring boot to v3.5.0 (release/current) #2621

wants to merge 1 commit into from
+3 −3

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 7, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
org.springframework.boot:spring-boot-starter-oauth2-client (source) 3.2.11 -> 3.5.0 age adoption passing confidence
org.springframework.boot:spring-boot-starter-security (source) 3.2.11 -> 3.5.0 age adoption passing confidence
org.springframework.boot:spring-boot-starter-parent (source) 3.3.7 -> 3.5.0 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-oauth2-client)

v3.5.0

Compare Source

Full release notes for Spring Boot 3.5 are available on the wiki.

⭐ New Features
  • Make heapdump endpoint restricted by default #​45624
  • Remove SSL status tag from metrics #​45602
  • Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507
🐞 Bug Fixes
  • Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
  • ValidationAutoConfiguration triggers early initialization of properties binding #​45618
  • Micrometer "enable" annotations property does not cover observed aspect #​45617
  • spring.graphql.sse.timeout is no longer exposed #​45613
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
  • IllegalStateException when extracting using layers a module with no code of its own #​45449
  • Removed spring.batch.initialize-schema property is still considered #​45380
  • ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
  • Custom default units declared on a field are ignored when binding properties in a native image #​45347
  • DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
  • Various spring.datasource properties are mistakenly marked as ignored #​45342
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
  • DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
  • Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
  • CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622
📔 Documentation
  • Document the java info contribution #​45634
  • Document the process info contribution #​45632
  • Document the os info contribution #​45630
  • Document typical spring.application.group and name use #​45628
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
  • Document the way that primary Kotlin constructors are used when binding #​45553
  • Improve "profile" reference documentation with additional admonitions #​45551
  • Improve setEnvironmentPrefix(...) reference documentation #​45376
  • Document all the available Testcontainers integrations #​45367
  • Document when a spring.config.import value is relative and when it is fixed #​45363
  • Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299
🔨 Dependency Upgrades
❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.6

Compare Source

🐞 Bug Fixes

  • Micrometer "enable" annotations property does not cover observed aspect #​45616
  • SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45548
  • IllegalStateException when extracting using layers a module with no code of its own #​45448
  • Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45350
  • Custom default units declared on a field are ignored when binding properties in a native image #​45346
  • JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45296

📔 Documentation

  • Document the java info contribution #​45633
  • Document the process info contribution #​45631
  • Document the os info contribution #​45629
  • Document typical spring.application.group and name use #​45627
  • Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45625
  • Document the way that primary Kotlin constructors are used when binding #​45552
  • Improve "profile" reference documentation with additional admonitions #​45550
  • Improve setEnvironmentPrefix(...) reference documentation #​45375
  • Document all the available Testcontainers integrations #​45366
  • Document when a spring.config.import value is relative and when it is fixed #​45362
  • Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45298

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.5

Compare Source

🐞 Bug Fixes

  • Spring Boot with native image container image build fails on podman due to directory permissions #​45256
  • Neo4jReactiveDataAutoConfiguration assumes that certain beans are available #​45235
  • Wrong jOOQ exception translator with empty db name #​45219
  • MessageSourceMessageInterpolator does not replace a parameter when the message matches its code #​45213
  • IntegrationMbeanExporter is not eligible for getting processed by all BeanPostProcessors warnings are shown when using JMX #​45194
  • OAuth2AuthorizationServerJwtAutoConfiguration uses @ConditionalOnClass incorrectly #​45178
  • MongoDB's dependency management is missing Kotlin coroutine driver modules #​45159
  • ImagePlatform can cause "OS must not be empty" IllegalArgumentException #​45153
  • TypeUtils does not handle generics with identical names in different positions #​45039
  • HttpClient5 5.4.3 breaks local Docker transport #​45028
  • spring.datasource.hikari.data-source-class-name cannot be used as a driver class name is always required and Hikari does not accept both #​45002
  • Post-processing to apply custom JdbcConnectionDetails triggers an NPE in Hikari if the JDBC URL is for an unknown driver #​44998
  • DataSourceBuilder triggers an NPE in Hikari when trying to build a DataSource with a JDBC URL for an unknown driver #​44995
  • SSL config does not watch for symlink file changes #​44887
  • EmbeddedLdapAutoConfiguration should not rely on PreDestroy #​44874
  • DataSourceTransactionManagerAutoConfiguration should run after DataSourceAutoConfiguration #​44819
  • JsonValueWriter can throw StackOverflowError on deeply nested items #​44627
  • In a reactive web app, SslBundle can no longer open store file locations without using a 'file:' prefix #​44535
  • Logging a Path object using structured logging throws StackOverflowError #​44507

📔 Documentation

  • Make @Component a javadoc link #​45258
  • Fix documentation links to buildpacks.io #​45241
  • Clarify the use of multiple profile expressions with "spring.config.activate.on-profile" #​45224
  • Show the use of token properties in authorization server clients configuration example #​45176
  • Add details of the purpose of the metrics endpoint #​45047
  • Escape the asterisk in spring-application.adoc #​45033
  • Add reference to Styra (OPA) Spring Boot SDK #​44976
  • Update CDS documentation to cover AOTCache #​44970
  • WebFlux security documentation incorrectly links to servlet classes #​44966
  • Replace mentions of deprecated MockBean annotation #​44947
  • TaskExecution documentation should describe what happens when multiple Executor beans are present #​44908
  • Documentation lists coordinates for some dependencies that are not actually managed #​44879
  • Polish javadoc of SpringProfileAction #​44826

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​EvaristeGalois11, @​MelleD, @​aahlenst, @​ali-jalaal, @​erichaagdev, @​florgust, @​geniusYoo, @​izeye, @​jonatan-ivanov, @​nenros, @​nevenc, @​ngocnhan-tran1996, @​nosan, @​quaff, and @​rainboyan

v3.4.4

Compare Source

❗ Noteworthy Changes

Tomcat APR support is now disabled by default if you are using Java 24 or higher. This change has been made to prevent JDK from issuing warnings.

Please see the updated release notes for details.

🐞 Bug Fixes

  • Actuator throws an exception when using prototype scoped DataSource bean #​44706
  • Docker API error message is missing in some cases #​44630
  • DefaultJmsListenerContainerFactoryConfigurer#setObservationRegistry should not be public #​44585
  • When an application contains multiple DataSource beans, EntityManagerFactoryBuilder will default ddl-auto to a value that may only be appropriate for the primary DataSource #​44516
  • When the main class is not proxied, native testing that uses the application's main method does not work #​44481
  • When loading configuration from a Resource, Log4J2LoggingSystem may not close the InputStream #​44473
  • When loading from a resource, PemContent does not close the InputStream #​44454
  • ResourceBanner does not close the InputStream used to read the banner #​44452
  • ConfigDataLocationResolvers and PropertySourceLoaders are loaded using a potentially different class loader #​44450
  • Kafka message sending fails with 'class SslBundleSslEngineFactory could not be found' #​44437
  • Kafka in native-image fails when using SSL bundles #​44436
  • Nested test classes don't inherit properties from @DataJpaTest on enclosing class #​44407
  • Failure diagnostics are poor when trying to use an image platform that is not supported by the builder #​44059
  • Checking if APR is available logs a warning on Java 24 #​44033

📔 Documentation

  • Multiline properties in documentation are missing backslashes #​44790
  • Polish javadoc of SqlR2dbcScriptDatabaseInitializer #​44764
  • Document support for Java 24 #​44754
  • Remove OpenShift link that 404s #​44748
  • Fix link to javadoc for JavaExec.setArgsString #​44536
  • Fix typo in documentation #​44523
  • Update descriptions of properties that no longer require Flyway Teams #​44483
  • Fix typo in javadoc of CommonStructuredLogFormat#ELASTIC_COMMON_SCHEMA #​44469
  • Samples for metadata annotation processers have invalid fold attribute #​44420
  • Clarify which Mongo properties are ignored when URI property is set #​44404
  • Adapt Javadoc reference of JooqExceptionTranslator to use ExceptionTranslatorExecuteListener #​44402

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​KmYgJn, @​bekoenig, @​bernie-schelberg-invicara, @​dmitrysulman, @​izeye, @​metters, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.4.3

Compare Source

⚠️ Noteworthy

⭐ New Features

  • Add TWENTY_FOUR to JavaVersion enum #​44209

🐞 Bug Fixes

  • Console output may be lost when using Log4j2 with something that replaces System.out #​44380
  • Maven plugin does not consistently use ArgFile for classpath argument on Windows #​44328
  • Reactive Jetty web server does not fail fast when configured to use a server name bundle which Jetty does not support #​44319
  • When web server application context refresh fails, the original failure is lost if stopping or destroying the web server throws an exception #​44317
  • View resolver for Thymeleaf should back off if spring-webmvc is not present #​44296
  • WebServer is not destroyed when ReactiveWebServerApplicationContext refresh fails #​44294
  • Non-default DataSource candidates are not considered in H2ConsoleAutoConfiguration #​44293
  • Banner placeholder and defaults do not work during development #​44255
  • Mustache templates return with ISO-8859-1 charset rather than UTF-8 in Content-Type response header #​44193
  • Servlet EndpointRequest doesn't match web server namespace correctly #​44188
  • java.lang.ClassCastException when using default management security with WebFlux and health probes enabled #​44052
  • Logback configuration that relies on inner-classes does not work in a native image #​44025
  • IllegalStateException: Unable to register SSL bundle after 3.3.8 or 3.4.2 #​43989
  • Metrics and health do not include non-default candidate beans #​43481

📔 Documentation

  • Document that auto-configuration classes should be identified using their binary names #​44303
  • Correct typo in MVC security when explaining when UserDetailsService auto-configuration will back off #​44301
  • Link to JarLauncher's javadoc #​44170
  • When using observability annotations, recommend that care is taken to avoid double instrumentation #​44145
  • Fix typo in Running Your Application #​44035
  • Document Kubernetes preStop handler when using a Docker image without a shell #​44022
  • Source snippet in Developing Your First Spring Boot Application section uses the root package #​43983
  • Correct the location of MyApplication.java in "Developing Your First Spring Boot Application" #​43975
  • Add links to Jackson Javadoc #​43971
  • Warn that some Quartz database schema scripts must be modified before use #​43958

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Ru311, @​ashishkujoy, @​izeye, @​jearton, @​ngocnhan-tran1996, @​nosan, @​quaff, and @​timotheeandres

v3.4.2

Compare Source

🐞 Bug Fixes

  • Property metadata for "logging.structured.json.customizer" has incorrect type #​43916
  • GraylogExtendedLogFormatProperties throws NullPointerException when only 'logging.structured.gelf.host' is specified #​43863
  • Structured logging properties have no effect in a native image #​43862
  • Docker Compose support for ClickHouse does not allow an empty password when ALLOW_EMPTY_PASSWORD=yes #​43790
  • docker compose ps now fails due to unknown --orphans flag with 2.23 or earlier #​43717
  • Build info timestamp is truncated to seconds #​43617
  • FileWatcher used for SSL reload does not support symlinks #​43604
  • BindableRuntimeHintsRegistrar should handle TypeNotPresentException #​43600
  • CapturedOutput is empty when using Log4J2 StatusLogger #​43578
  • Spring Boot 3.4 is not compatible with Gson 2.10 #​43442
  • NoClassDefFoundError when using JUnit to test a Gradle 7.6.x app that depends on spring-boot-actuator-autoconfigure but not on org.junit.platform:junit-platform-launcher #​43340

📔 Documentation

  • Document that the @ConfigurationProperties annotation processor cannot generate description and defaultValue metadata for external types #​43929
  • Fix description of management.metrics.graphql.autotime.enabled #​43905
  • Document 'base64:' prefix support #​43835
  • Document handling of @Fallback beans in ConditionalOnSingleCandidate's javadoc #​43826
  • Javadoc of DataSourceBuilder does not reference all supported types #​43732
  • Update OpenTelemetry section in Supported Monitoring Systems to refer to OTLP instead #​43729
  • Consistently document the minimum supported versions of Gradle #​43725
  • Document that system libraries are a reason to customize the builder and switch away from builder-jammy-java-tiny #​43716
  • Links to the Javadoc of Jakarta Messaging are invalid #​43662
  • Paragraph HTML tags are rendered as-is in Maven Plugin reference documentation #​43623
  • Javadoc link for jakarta.xml.bind is invalid #​43607
  • Documentation still has references to 'layertools' #​43605
  • Javadoc of ConstructorBinding should not use markdown formatting #​43599
  • Managed Dependency Coordinates lists Spock and OkHttp dependencies that are not managed #​43584

🔨 Dependency Upgrades

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​arefbehboudi, @​dreis2211, @​gavarava, @​hezean, @​izeye, @​jxblum, @​ngocnhan-tran1996, @​nosan, @​quaff, and @​tmaciejewski

v3.4.1

Compare Source

🐞 Bug Fixes

  • KafkaProperties fail to build SSL properties when the bundle name is an empty string #​43563
  • Diagnostics are poor when property resolution throws a ConversionFailedException #​43559
  • SpringApplicationShutdownHandlers do not run in deterministic order #​43536
  • Unable to find a @SpringBootConfiguration results in misleading error message #​43507
  • With multiple ResourceHandlerRegistrationCustomizer beans in the context, only one of them is used #​43497
  • Unable to use Docker Compose support when mixing dedicated and shared services #​43472
  • Kafka dependency management does not include the kafka-server module #​43454
  • Docker API version is incorrectly reported when '/_ping` calls fail and version should be fixed #​43452
  • Methods to build producer / consumer properties from KafkaProperties are inconvienenent to use without an SSL bundle #​43448
  • Failures in -Djarmode=tools do not consistently return a non-zero exit #​43436
  • HttpComponentsClientHttpRequestFactoryBuilder replaces the existing defaultRequestConfigCustomizer rather than adding to it #​43429
  • spring-boot-maven-plugin sets imagePlatform even if it's empty #​43424
  • OnBeanCondition fails to match on annotations when using Scoped Proxies [#​43423](https://redirec

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,every weekend,before 5am every weekday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added dependencies use for pull requests that update a dependency file filigran team use to identify PR from the Filigran team labels Mar 7, 2025
@guillaumejparis
Copy link
Member

old autoclosed one : #2075

@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch 2 times, most recently from 8179a23 to da753eb Compare March 21, 2025 22:19
@renovate renovate bot changed the title [backend] Update spring boot to v3.4.3 (release/current) [backend] Update spring boot to v3.4.4 (release/current) Mar 21, 2025
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch from da753eb to f749fd0 Compare March 29, 2025 19:25
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch 2 times, most recently from 2d88e39 to ce4555a Compare April 12, 2025 10:11
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch from ce4555a to 7579dc4 Compare April 25, 2025 00:39
@renovate renovate bot changed the title [backend] Update spring boot to v3.4.4 (release/current) [backend] Update spring boot to v3.4.5 (release/current) Apr 25, 2025
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch 2 times, most recently from 116e489 to 47806a0 Compare May 3, 2025 15:01
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch from 47806a0 to 8cbeaf6 Compare May 22, 2025 23:45
@renovate renovate bot changed the title [backend] Update spring boot to v3.4.5 (release/current) [backend] Update spring boot to v3.5.0 (release/current) May 22, 2025
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch from 8cbeaf6 to fdfd54d Compare June 9, 2025 23:51
@renovate renovate bot force-pushed the renovate/release/current-spring-boot branch from fdfd54d to 159ba70 Compare June 16, 2025 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies use for pull requests that update a dependency file filigran team use to identify PR from the Filigran team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@guillaumejparis