Update dependency org.springframework.boot:spring-boot-starter-web to v4

[dev-mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
org.springframework.boot:spring-boot-starter-web (source)	compile	major	2.3.1.RELEASE → 4.0.0

By merging this PR, the issue #36 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
Critical	9.8	CVE-2022-22965
High	7.3	CVE-2024-12798
Medium	6.5	CVE-2022-38749
Medium	6.5	CVE-2022-38750
Medium	6.5	CVE-2022-38751
Medium	6.5	CVE-2022-38752
Medium	5.8	CVE-2022-41854
Medium	4.6	CVE-2024-12801
Medium	4.0	CVE-2025-49128

---

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-web)

v4.0.0

Compare Source

Full release notes for Spring Boot 4.0 are available on the wiki. There is also a migration guide to help you upgrade from Spring Boot 3.5.

⭐ New Features

• Change tomcat and jetty runtime modules to starters #​48175
• Rename spring-boot-kotlin-serialization to align with the name of the Kotlinx module that it pulls in #​48076

🐞 Bug Fixes

• Error properties are a general web concern and should not be located beneath server.* #​48201
• With both Jackson 2 and 3 on the classpath, @JsonTest fails due to duplicate jacksonTesterFactoryBean #​48198
• Gradle war task does not exclude starter POMs from lib-provided #​48197
• spring.test.webclient.mockrestserviceserver.enabled is not aligned with its module's name #​48193
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48182
• Properties bound in the child management context ignore the parent's environment prefix #​48177
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48171
• Starter for spring-boot-micrometer-metrics is missing #​48161
• Elasticsearch client's sniffer functionality should not be enabled by default #​48155
• spring-boot-starter-elasticsearch should depend on elasticsearch-java #​48141
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48132
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48128
• Properties for configuring an isolated JsonMapper or ObjectMapper are incorrectly named #​48116
• Buildpack fails with recent Docker installs due to hardcoded version in URL #​48103
• Image building may fail when specifying a platform if an image has already been built with a different platform #​48099
• Default values of Kotlinx Serialization JSON configuration properties are not documented #​48097
• Custom XML converters should override defaults in HttpMessageConverters #​48096
• Kotlin serialization is used too aggressively when other JSON libraries are available #​48070
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48059
• Auto-configured JCacheMetrics cannot be customized #​48057
• WebSecurityCustomizer beans are excluded by WebMvcTest #​48055
• Deprecated EnvironmentPostProcessor does not resolve arguments #​48047
• RetryPolicySettings should refer to maxRetries, not maxAttempts #​48023
• Devtools Restarter does not work with a parameterless main method #​47996
• Dependency management for Kafka should not manage Scala 2.12 libraries #​47991
• spring-boot-mail should depend on jakarta.mail:jakarta.mail-api and org.eclipse.angus:angus-mail instead of org.eclipse.angus:jakarta.mail #​47983
• spring-boot-starter-data-mongodb-reactive has dependency on reactor-test #​47982
• Support for ReactiveElasticsearchClient is in the wrong module #​47848

📔 Documentation

• Removed property spring.test.webclient.register-rest-template is still documented #​48199
• Mention support for detecting AWS ECS in "Deploying to the Cloud" #​48170
• Revise AWS section of "Deploying to the Cloud" in reference manual #​48163
• Fix typo in PortInUseException Javadoc #​48134
• Correct section about required setters in "Type-safe Configuration Properties" #​48131
• Use since attribute in configuration properties deprecation consistently #​48122
• Document EndpointJsonMapper and management.endpoints.jackson.isolated-json-mapper #​48115
• Document support for configuring servlet context init parameters using properties #​48112
• Some configuration properties are not documented in the appendix #​48095
• Clarify how warnings about soon-to-expire SSL certificates are reported #​48063
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48053
• Document the level of support for the OpenTelemetry APIs #​47960
• Document that you need to build with Java 25 for buildpack build-image Graal support #​45501

🔨 Dependency Upgrades

• Upgrade to Cassandra Driver 4.19.2 #​48184
• Upgrade to DB2 JDBC 12.1.3.0 #​48087
• Upgrade to Elasticsearch Client 9.2.1 #​48137
• Upgrade to GraphQL Java 25.0 #​48034
• Upgrade to Hibernate 7.1.8.Final #​48150
• Upgrade to Jackson Bom 3.0.2 #​48089
• Upgrade to Jetty 12.1.4 #​48120
• Upgrade to Jetty Reactive HTTPClient 4.1.4 #​48151
• Upgrade to jOOQ 3.19.28 #​48090
• Upgrade to Kafka 4.1.1 #​48185
• Upgrade to Logback 1.5.21 #​48091
• Upgrade to Micrometer 1.16.0 #​47820
• Upgrade to Micrometer Tracing 1.6.0 #​47821
• Upgrade to MySQL 9.5.0 #​48092
• Upgrade to Native Build Tools Plugin 0.11.3 #​48051
• Upgrade to Neo4j Java Driver 6.0.2 #​47997
• Upgrade to Prometheus Client 1.4.3 #​48093
• Upgrade to Reactor Bom 2025.0.0 #​47822
• Upgrade to Spring AMQP 4.0.0 #​47823
• Upgrade to Spring Batch 6.0.0 #​47834
• Upgrade to Spring Data Bom 2025.1.0 #​47824
• Upgrade to Spring Framework 7.0.1 #​48168
• Upgrade to Spring GraphQL 2.0.0 #​47826
• Upgrade to Spring HATEOAS 3.0.0 #​47827
• Upgrade to Spring Integration 7.0.0 #​47828
• Upgrade to Spring Kafka 4.0.0 #​47829
• Upgrade to Spring LDAP 4.0.0 #​47999
• Upgrade to Spring Pulsar 2.0.0 #​47830
• Upgrade to Spring RESTDocs 4.0.0 #​47831
• Upgrade to Spring Security 7.0.0 #​47832
• Upgrade to Spring Session 4.0.0 #​48000
• Upgrade to Spring WS 5.0.0 #​47833
• Upgrade to Testcontainers 2.0.2 #​48152
• Upgrade to Tomcat 11.0.14 #​48094

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​filiphr, @​hojooo, @​linw-bai, @​nosan, @​scottfrederick, @​stevearmstrong-dev, @​stewue, and @​vpavic

v3.5.13

Compare Source

⚠️ Attention Required

• Jackson has been upgraded to 2.21.2 in response to the Jackson team ending support for Jackson 2.19.x and 2.20.x. #​49365

🐞 Bug Fixes

• WebSocket messaging's task executors are only auto-configured and stompWebSocketHandlerMapping is only forced to be eager when using Jackson #​49750
• Metadata annotation processor ignores method-level @NestedConfigurationProperty when using constructor binding #​49734
• Override of property in external 'application.properties' or 'application.yaml' is ignored #​49724
• Some sliced tests that import TransactionAutoConfiguration do not import TransactionManagerCustomizationAutoConfiguration #​49716
• NativeImageResourceProvider does not find Flyway migration scripts in subdirectories #​49661
• @GraphQlTest does not include @ControllerAdvice #​49660

📔 Documentation

• Fix incorrect indefinite articles in Javadoc #​49723
• Add some more Kotlin examples and trivial style fixes #​49710

🔨 Dependency Upgrades

• Upgrade to Hibernate 6.6.45.Final #​49757
• Upgrade to jOOQ 3.19.31 #​49758
• Upgrade to Netty 4.1.132.Final #​49759
• Upgrade to Tomcat 10.1.53 #​49760
• Upgrade to Undertow 2.3.24.Final #​49761
• Upgrade to Zipkin Reporter 3.5.3 #​49756

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Joowon-Seo, @​deejay1, @​dlwldnjs1009, and @​ljrmorgan

v3.5.12

Compare Source

🐞 Bug Fixes

• EndpointRequest request matcher for health groups is too complex #​49648
• "/cloudfoundryapplication" web path is not limited to Actuator #​49645
• RSocket exposes duplicate endpoint for websocket setups #​49592
• Fix EndpointRequest.toLinks() when base-path is '/' #​49591
• SpringBootContextLoader mentions class that no longer exists in message for classes or locations assertion #​49518
• "spring.main.cloud-platform=none" does not disable cloud features #​49478
• Using @AutoConfigureWebTestClient prevents separate configuration of spring.test.webtestclient.timeout from taking effect #​49340
• Ordering of 'spring.config.import' is inconsistent when defined in environment or system properties #​49324
• RouterFunctions descriptions in Actuator do not support nesting #​49289
• Maven plugin does not set '-parameters' option when processing AOT code #​49268
• SSL support with Docker Compose does not work as documented #​49210
• Docker fails when a 'tcp://' address ends with a slash (for example 'tcp://docker:2375/') #​49055

📔 Documentation

• List all supported colors when describing color-coded log output #​49561
• Clarify that running is the only supported input state when triggering a Quartz job through the Actuator endpoint #​49506
• Tutorial in the reference guide has outdated instructions #​49411
• Javadoc of JettyHttpClientBuilder refers to the wrong type #​49364
• Example spring-devtools.properties file is shown in the wrong format #​49357
• Mention using org.springframework.boot.aot Gradle plugin directly for AOT processing with the JVM #​49307
• Update CLI's INSTALL.txt to reflect Groovy no longer being bundled #​49297
• JDK requirement for the CLI still refers to Java 8 #​49290
• Java and Kotlin samples of an environment post processor are inconsistent #​49282
• Document additional repositories required for shibboleth.net #​49260
• Clarify inferred relationships between OAuth 2 registrations and providers #​49240

🔨 Dependency Upgrades

• Upgrade to DB2 JDBC 12.1.4.0 #​49544
• Upgrade to Hibernate 6.6.44.Final #​49457
• Upgrade to Jakarta XML WS 4.0.3 #​49458
• Upgrade to JBoss Logging 3.6.3.Final #​49630
• Upgrade to Jetty 12.0.33 #​49459
• Upgrade to Kafka 3.9.2 #​49460
• Upgrade to Lombok 1.18.44 #​49574
• Upgrade to Maven Failsafe Plugin 3.5.5 #​49461
• Upgrade to Maven Shade Plugin 3.6.2 #​49462
• Upgrade to Maven Surefire Plugin 3.5.5 #​49463
• Upgrade to Micrometer 1.15.10 #​49403
• Upgrade to Micrometer Tracing 1.5.10 #​49404
• Upgrade to Pulsar 4.0.9 #​49464
• Upgrade to Reactor Bom 2024.0.16 #​49405
• Upgrade to Spring Batch 5.2.5 #​49406
• Upgrade to Spring Data Bom 2025.0.10 #​49407
• Upgrade to Spring Framework 6.2.17 #​49408
• Upgrade to Spring HATEOAS 2.5.2 #​49586
• Upgrade to Spring Integration 6.5.8 #​49631
• Upgrade to Spring Kafka 3.3.14 #​49409
• Upgrade to Spring Pulsar 1.2.16 #​49410
• Upgrade to Spring Security 6.5.9 #​49527
• Upgrade to Spring WS 4.1.3 #​49528

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​bbbbooo, @​chandanv89, @​itsmevichu, @​jayychoi, @​l2yujw, @​ngocnhan-tran1996, @​qnnn, @​quaff, and @​sbrannen

v3.5.11

Compare Source

🐞 Bug Fixes

• Whitespace can be incorrectly removed when spring-boot-configuration-processor runs on multi-line javadoc #​49039
• server.jetty.threads.max is ignored when using virtual threads #​48982
• Docker credential helpers with file extensions cannot be executed on Windows #​48965

📔 Documentation

• Couchbase and Kafka are incorrectly listed as supporting SSL with Docker Compose #​49211
• Document that use of non idiomatic format for '@Value' still apply for environment variables #​49054
• Document naming convention for custom test-scoped starters #​49014
• LICENSE.txt and NOTICE.txt files have the wrong content in the latest releases #​48996
• ApplicationContextAssert documents a non-existent assertion in getFailure() #​48973
• Highlight the importance of the preStop hook when configuring Kubernetes probes #​48936

🔨 Dependency Upgrades

• Upgrade to AssertJ 3.27.7 #​49075
• Upgrade to Groovy 4.0.30 #​49076
• Upgrade to Hibernate 6.6.42.Final #​49077
• Upgrade to Jaybird 6.0.4 #​49078
• Upgrade to JBoss Logging 3.6.2.Final #​49079
• Upgrade to Jetty 12.0.32 #​49080
• Upgrade to jOOQ 3.19.30 #​49081
• Upgrade to Logback 1.5.32 #​49243
• Upgrade to Micrometer 1.15.9 #​49064
• Upgrade to Micrometer Tracing 1.5.9 #​49065
• Upgrade to MySQL 9.6.0 #​49083
• Upgrade to Netty 4.1.131.Final #​49165
• Upgrade to Postgresql 42.7.10 #​49201
• Upgrade to Reactor Bom 2024.0.15 #​49066
• Upgrade to Spring Authorization Server 1.5.6 #​49067
• Upgrade to Spring Data Bom 2025.0.9 #​49068
• Upgrade to Spring Framework 6.2.16 #​49069
• Upgrade to Spring GraphQL 1.4.5 #​49070
• Upgrade to Spring Integration 6.5.7 #​49071
• Upgrade to Spring Kafka 3.3.13 #​49244
• Upgrade to Spring LDAP 3.3.6 #​49072
• Upgrade to Spring Pulsar 1.2.15 #​49073
• Upgrade to Spring Security 6.5.8 #​49225
• Upgrade to Spring Session 3.5.5 #​49074
• Upgrade to Tomcat 10.1.52 #​49084
• Upgrade to Undertow 2.3.23.Final #​49166

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​dsyer, @​linkian209, @​nosan, @​quaff, @​scordio, and @​srt

v3.5.10

Compare Source

🐞 Bug Fixes

• Evaluation of bean conditions unnecessarily queries the bean factory for types that are not present #​48836
• When a bean condition references a type that is not present, it appears as ? in the condition evaluation report #​48835
• Actuator /info endpoint fails in Java 25 Native Image (VirtualThreadSchedulerMXBean support) #​48810
• DataSourceBuilder cannot create oracle.ucp.jdbc.PoolDataSourceImpl in a native image #​48702
• Application JAR created by extract command is not reproductible #​48664
• AOT processing of tests should not be disabled when 'skipTests' is set #​48661
• Fix zero-length byte buffer in InspectedContent #​48649

📔 Documentation

• Update documentation for Buildpack's AOT Cache support #​48768
• Document support for configuring arguments passed to Docker Compose #​48657
• Clarify javadoc to make it clear that HazelcastConfigCustomizer beans are only applied if Hazelcast is configured via a config file #​48634
• Fix grammar and typos in the reference guide #​48596

🔨 Dependency Upgrades

• Upgrade to Classmate 1.7.3 #​48775
• Upgrade to Hibernate 6.6.41.Final #​48881
• Upgrade to HttpClient5 5.5.2 #​48777
• Upgrade to Logback 1.5.25 #​48882
• Upgrade to Micrometer 1.15.8 #​48705
• Upgrade to Micrometer Tracing 1.5.8 #​48706
• Upgrade to Pooled JMS 3.1.9 #​48779
• Upgrade to Postgresql 42.7.9 #​48883
• Upgrade to R2DBC MSSQL 1.0.4.RELEASE #​48847
• Upgrade to Reactor Bom 2024.0.14 #​48707
• Upgrade to REST Assured 5.5.7 #​48884
• Upgrade to Spring AMQP 3.2.9 #​48909
• Upgrade to Spring Data Bom 2025.0.8 #​48708
• Upgrade to Spring Integration 6.5.6 #​48921
• Upgrade to Spring Kafka 3.3.12 #​48709
• Upgrade to Spring Pulsar 1.2.14 #​48710
• Upgrade to Undertow 2.3.22.Final #​48848
• Upgrade to WebJars Locator Lite 1.1.3 #​48780

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​GaoSSR, @​izeye, and @​ngocnhan-tran1996

v3.5.9

Compare Source

🐞 Bug Fixes

• RabbitHealthIndicator reports an error when version is missing from the connection's server properties #​48486
• Profiles retained during AOT processing are not configured in a native image #​48475
• NullPointerException in UndertowWebServer.destroy() when using @DirtiesContext and Citrus Spring Boot Simulator #​48450
• Redis health check reports an error when redis_version is missing from the INFO response #​48326
• Parent's MeterRegistry beans are closed when child context closes #​48324
• SpringBootTest.UseMainMethod.WHEN_AVAILABLE and ALWAYS are incompatible with package-private or parameter-less main method #​48271

📔 Documentation

• Documentation has an outdated reference to the Jackson Kotlin Module #​48533
• Caching documentation should clarify how to use a no-op implementation to run a test suite #​48531
• Document that the default rolling policy for Log4j2 requires logging.file.path to be set #​48526
• License header in build samples is displayed in the reference documentation #​48477
• Configuring Two DataSources How-To code sample is inconsistent #​48448
• Improve javadoc for when to use class names rather than class references #​48395
• Document that org.aspectj.weaver.Advice must be on the classpath to enable support for Micrometer's annotations #​48359
• Polish TestRestTemplate examples in the reference guide #​48335
• Fix links to javadoc in the reference documentation #​48299
• Clarify that @EnableBatchProcessing turns off all batch auto-configuration, including schema initialization #​48265
• Kotlin auto-configuration examples are not annotated with @AutoConfiguration #​48227
• Infinispan Cache Documentation is outdated #​48217
• Revise "Use Liquibase for test-only migrations" section in reference manual #​48169

🔨 Dependency Upgrades

• Prevent upgrade to Netty 4.1.129.Final #​48508
• Upgrade to AspectJ 1.9.25.1 #​48557
• Upgrade to Hibernate 6.6.39.Final #​48540
• Upgrade to Jetty 12.0.31 #​48455
• Upgrade to jOOQ 3.19.29 #​48456
• Upgrade to Logback 1.5.22 #​48507
• Upgrade to MariaDB 3.5.7 #​48558
• Upgrade to Micrometer 1.15.7 #​48423
• Upgrade to Micrometer Tracing 1.5.7 #​48424
• Upgrade to Netty 4.1.130.Final #​48541
• Upgrade to Pooled JMS 3.1.8 #​48559
• Upgrade to Pulsar 4.0.8 #​48457
• Upgrade to Quartz 2.5.2 #​48458
• Upgrade to Reactor Bom 2024.0.13 #​48425
• Upgrade to Spring Authorization Server 1.5.5 #​48426
• Upgrade to Spring Data Bom 2025.0.7 #​48427
• Upgrade to Spring Framework 6.2.15 #​48428
• Upgrade to Spring GraphQL 1.4.4 #​48429
• Upgrade to Spring Integration 6.5.5 #​48560
• Upgrade to Spring LDAP 3.3.5 #​48430
• Upgrade to Spring Pulsar 1.2.13 #​48431
• Upgrade to Spring Session 3.5.4 #​48432
• Upgrade to Testcontainers 1.21.4 #​48542
• Upgrade to UnboundID LDAPSDK 7.0.4 #​48459

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​banseok1216, @​berry120, @​dmitrysulman, @​geopark021, @​noojung, @​scottfrederick, @​vpavic, and @​youngledo

v3.5.8

Compare Source

⚠️ Noteworthy changes

• This release contains a fix to get Testcontainers working with modern Docker versions. If this causes problems in your setup, you can downgrade the minimum Docker API, effectively reverting that change.

🐞 Bug Fixes

• Gradle war task does not exclude starter POMs from lib-provided #​48196
• Testcontainers integration fails on Docker 29.0.0 #​48192
• SslMeterBinder doesn't register metrics for dynamically added bundles if no bundles exist at bind time #​48180
• Properties bound in the child management context ignore the parent's environment prefix #​48176
• ssl.chain.expiry metrics doesn't update for dynamically registered SSL bundles #​48153
• Auto-configuration exclusions are checked using a different class loader to the one that loads auto-configuration classes #​48129
• New arm64 macbooks fail to bootBuildImage due to incorrect platform image #​48127
• NullPointerException when using @ConditionalOnSingleCandidate with multiple manually registered singletons #​48123
• Buildpack fails with recent Docker installs due to hardcoded version in URL #​48102
• Image building may fail when specifying a platform if an image has already been built with a different platform #​48098
• Undertow's ServletContext is destroy too early, making it unusable in @PreDestroy methods #​48061
• PortInUseException incorrectly thrown on failure to bind port due to Netty IP misconfiguration #​48058
• Auto-configured JCacheMetrics cannot be customized #​48056
• WebSecurityCustomizer beans are excluded by WebMvcTest #​48054
• Devtools Restarter does not work with a parameterless main method #​47987
• Setting 'max-uri-tags' does not prevent unlimited meter growth on any AutoConfiguredCompositeMeterRegistry #​47923
• Docker response 407 is not handled correctly resulting in no error message #​47900
• spring-boot-maven-plugin process-aot goal does not find package-private main method #​47780

📔 Documentation

• Revise AWS section of "Deploying to the Cloud" in reference manual #​48156
• Fix typo in PortInUseException Javadoc #​48133
• Correct section about required setters in "Type-safe Configuration Properties" #​48130
• Document EndpointObjectMapper and management.endpoints.jackson.isolated-object-mapper #​48114
• Document support for configuring servlet context init parameters using properties #​48111
• Clarify how warnings about soon-to-expire SSL certificates are reported #​48062
• Document how to use ContextPropagatingTaskDecorator for propagating trace context over thread boundaries #​48052
• Use since attribute in configuration properties deprecation consistently #​47980
• BootstrapContext#getOrElseThrow has incorrect reference to IllegalStateException #​47905
• Clarify when BootstrapContext get methods may return null rather than throwing an exception or calling the fallback supplier #​47898
• Document that Actuator endpoint may have at most one extension of each type #​47873
• Limit Kotlin API documentation to Kotlin-specific APIs #​47859
• Adapt AOTCache documentation to JEP 514 #​47274

🔨 Dependency Upgrades

• Downgrade to Cassandra Driver 4.19.0 #​47926
• Upgrade to AspectJ 1.9.25 #​48005
• Upgrade to Caffeine 3.2.3 #​48006
• Upgrade to Cassandra Driver 4.19.2 #​48183
• Upgrade to DB2 JDBC 12.1.3.0 #​48083
• Upgrade to Hibernate 6.6.36.Final #​48148
• Upgrade to Jackson Bom 2.19.4 #​48008
• Upgrade to Jetty 12.0.30 #​48118
• Upgrade to Jetty Reactive HTTPClient 4.0.13 #​48149
• Upgrade to jOOQ 3.19.28 #​48084
• Upgrade to Logback 1.5.21 #​48085
• Upgrade to Micrometer 1.15.6 #​48009
• Upgrade to Micrometer Tracing 1.5.6 #​48010
• Upgrade to MySQL 9.5.0 #​48011
• Upgrade to Neo4j Java Driver 5.28.10 #​48044
• Upgrade to Quartz 2.5.1 #​48012
• Upgrade to R2DBC Postgresql 1.0.9.RELEASE #​48013
• Upgrade to Reactor Bom 2024.0.12 #​48014
• Upgrade to Spring Data Bom 2025.0.6 #​48039
• Upgrade to Spring Framework 6.2.14 #​48166
• Upgrade to Spring Integration 6.5.4 #​48040
• Upgrade to Spring Kafka 3.3.11 #​48041
• Upgrade to Spring Pulsar 1.2.12 #​48042
• Upgrade to Spring Security 6.5.7 #​48043
• Upgrade to Tomcat 10.1.49 #​48086

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​K-jun98, @​TerryTaoYY, @​hojooo, @​linw-bai, @​mipo256, @​namest504, @​ngocnhan-tran1996, @​nosan, @​scottfrederick, @​siva-sai-udaygiri, @​tschut, and @​vpavic

v3.5.7

Compare Source

⭐ New Features

• Add TWENTY_FIVE to JavaVersion enum #​47609

🐞 Bug Fixes

• Signed jar verification fails when nested in an uber war running on an Oracle JVM #​47771
• In an uber war, value of the Sbom-Location manifest attribute does not match the SBOM's actual location #​47737
• Homebrew formula for the CLI should use libexec #​47722
• When virtual threads are enabled, embedded Jetty does not use recommended virtual thread configuration #​47717
• ClientHttpRequestFactoryRuntimeHints is missing timeout methods with Duration overloads #​47678
• OnBeanCondition no longer correctly finds annotations on scoped target proxy beans #​47635
• JavaVersion doesn't work reliably in native-image #​47620
• LiquibaseEndpoint always uses defaultSchema instead of liquibaseSchema #​47346
• Launcher fails to find main method when it is parameterless #​47311
• Package private Main class using Java 25 is not found by build plugins #​47309
• Bitnami legacy images are not automatically detected #​47275
• Maven plugin does not provide an easy way to exclude optional dependencies from uber jar #​25403

📔 Documentation

• Some spring.test.* properties are not documented #​47775
• Dependency management for Maven AntRun Plugin is missing changelog link #​47744
• Developing Your First Spring Boot Application has outdated tools #​47700
• Include deprecated configuration properties in the reference documentation #​47669
• Aggregated Javadoc should link to the proper version of JakartaEE #​47593
• Update javadoc of TestRestTemplate following change to redirect behavior #​47474
• Use non-deprecated syntax to configure sourceCompatibility #​47343
• Fix link to Framework's @Bean annotation #​47330
• Update managed dependency version override examples in documentation #​47306

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.8 #​47767
• Upgrade to Angus Mail 2.0.5 #​47525
• Upgrade to AssertJ 3.27.6 #​47526
• Upgrade to Byte Buddy 1.17.8 #​47527
• Upgrade to Cassandra Driver 4.19.1 #​47768
• Upgrade to Classmate 1.7.1 #​47528
• Upgrade to Elasticsearch Client 8.18.8 #​47671
• Upgrade to Glassfish JAXB 4.0.6 #​47529
• Upgrade to GraphQL Java 24.3 #​47755
• Upgrade to Groovy 4.0.29 [#​47713](https://redirect.github.com/spring-projects/spring-boot/i