fix(deps): update spring boot to v3.5.6

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
org.springframework.boot:spring-boot-starter-parent (source)	3.2.5 -> 3.5.6
org.springframework.boot	3.2.5 -> 3.5.6

---

Release Notes

spring-projects/spring-boot (org.springframework.boot:spring-boot-starter-parent)

v3.5.6

Compare Source

v3.5.5

Compare Source

🐞 Bug Fixes

• Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46909
• Performance critical tracing code has high overhead due to the use of the Stream API #​46844
• SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46758
• Race condition in OutputCapture can result in stale data #​46721
• Auto-configured WebClient no longer uses context's ReactorResourceFactory #​46673
• Default value not detected for a field annoted with @Name #​46666
• Missing metadata when using @Name with a constructor-bound property #​46663
• Missing property for Spring Authorization Server's PAR endpoint #​46641
• Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46636
• Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46634
• Auto-configured MockMvc ignores @FilterRegistration annotation #​46605
• Failure to discover default value for a primitive should not lead to document its default value #​46561

📔 Documentation

• Kotlin samples for configuration metadata are in the wrong package #​46857
• Observability examples in the reference guide are missing the Kotlin version #​46798
• Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46769
• Tracing samples in the reference guide are missing the Kotlin version #​46767
• Improve Virtual Threads section to mention the changes in Java 24 #​46610
• spring.test.webtestclient.timeout is not documented #​46588
• spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46585
• Adapt deprecation level for management.health.influxdb.enabled #​46580
• spring.test.mockmvc properties are not documented #​46578

🔨 Dependency Upgrades

• Upgrade to Angus Mail 2.0.4 #​46725
• Upgrade to AssertJ 3.27.4 #​46726
• Upgrade to Byte Buddy 1.17.7 #​46883
• Upgrade to Couchbase Client 3.8.3 #​46794
• Upgrade to Elasticsearch Client 8.18.5 #​46830
• Upgrade to Hibernate 6.6.26.Final #​46884
• Upgrade to Hibernate Validator 8.0.3.Final #​46728
• Upgrade to HikariCP 6.3.2 #​46729
• Upgrade to Jersey 3.1.11 #​46730
• Upgrade to Jetty 12.0.25 #​46831
• Upgrade to Jetty Reactive HTTPClient 4.0.11 #​46885
• Upgrade to jOOQ 3.19.25 #​46808
• Upgrade to MariaDB 3.5.5 #​46779
• Upgrade to Maven Javadoc Plugin 3.11.3 #​46886
• Upgrade to Micrometer 1.15.3 #​46701
• Upgrade to Micrometer Tracing 1.5.3 #​46702
• Upgrade to MySQL 9.4.0 #​46732
• Upgrade to Netty 4.1.124.Final #​46832
• Upgrade to Pulsar 4.0.6 #​46733
• Upgrade to Reactor Bom 2024.0.9 #​46703
• Upgrade to REST Assured 5.5.6 #​46849
• Upgrade to Spring Authorization Server 1.5.2 #​46704
• Upgrade to Spring Data Bom 2025.0.3 #​46705
• Upgrade to Spring Framework 6.2.10 #​46706
• Upgrade to Spring Kafka 3.3.9 #​46871
• Upgrade to Spring LDAP 3.3.3 #​46707
• Upgrade to Spring Pulsar 1.2.9 #​46708
• Upgrade to Spring RESTDocs 3.0.5 #​46920
• Upgrade to Spring Security 6.5.3 #​46709
• Upgrade to Spring Session 3.5.2 #​46710
• Upgrade to Tomcat 10.1.44 #​46734

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​deejay1, @​ganjisriver, @​izeye, @​jetflo, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.5.4

Compare Source

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #​46474
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46402
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46398
• Additional fields for structured JSON logging incompatible with nested ecs logging in 3.5.x #​46351
• Change in DefaultErrorAttributes alters the shape of API validation error responses #​46260
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46225
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46205
• Hash calculation for uber archive entries that require unpacking is inefficient #​46203
• Permissions are applied inconsistently when building uber archives with Gradle #​46194
• Environment variables using legacy dash format can no longer be bound #​46184
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46180
• Executable JAR application class encounters performance issues #​46177
• Executable JAR application class encounters performance issues #​46176
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​46174
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46170
• SslInfo does not use its Clock when checking certificate validity #​46011

📔 Documentation

• Fix description of spring.batch.job.enabled #​46247
• Fix broken Kotlin examples in reference documentation #​46168
• Add Logback Access Reactor Netty to community starters #​46060

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #​46373
• Upgrade to Caffeine 3.2.2 #​46432
• Upgrade to Couchbase Client 3.8.2 #​46460
• Upgrade to GraphQL Java 24.1 #​46395
• Upgrade to Groovy 4.0.28 #​46516
• Upgrade to Hibernate 6.6.22.Final #​46492
• Upgrade to HikariCP 6.3.1 #​46493
• Upgrade to Infinispan 15.2.5.Final #​46461
• Upgrade to Jackson Bom 2.19.2 #​46494
• Upgrade to Jetty 12.0.23 #​46375
• Upgrade to MariaDB 3.5.4 #​46376
• Upgrade to Maven Invoker Plugin 3.9.1 #​46377
• Upgrade to Micrometer 1.15.2 #​46280
• Upgrade to Micrometer Tracing 1.5.2 #​46281
• Upgrade to MSSQL JDBC 12.10.1.jre11 #​46378
• Upgrade to MySQL 9.3.0 #​46371
• Upgrade to Neo4j Java Driver 5.28.9 #​46434
• Upgrade to Netty 4.1.123.Final #​46435
• Upgrade to Prometheus Client 1.3.10 #​46379
• Upgrade to Reactor Bom 2024.0.8 #​46282
• Upgrade to RxJava3 3.1.11 #​46380
• Upgrade to Spring AMQP 3.2.6 #​46283
• Upgrade to Spring Data Bom 2025.0.2 #​46284
• Upgrade to Spring Framework 6.2.9 #​46218
• Upgrade to Spring GraphQL 1.4.1 #​46381
• Upgrade to Spring Integration 6.5.1 #​46359
• Upgrade to Spring Kafka 3.3.8 #​46360
• Upgrade to Spring LDAP 3.3.2 #​46285
• Upgrade to Spring Pulsar 1.2.8 #​46286
• Upgrade to Spring Security 6.5.2 #​46477
• Upgrade to Spring WS 4.1.1 #​46362
• Upgrade to Testcontainers 1.21.3 #​46382
• Upgrade to Tomcat 10.1.43 #​46383
• Upgrade to XmlUnit2 2.10.3 #​46384

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​ngocnhan-tran1996, @​nosan, and @​quaff

v3.5.3

Compare Source

🐞 Bug Fixes

• Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46040

v3.5.2

Compare Source

🐞 Bug Fixes

• IllegalArgumentException: 'name' must not be null thrown when property source filtering applied twice #​46032

v3.5.1

Compare Source

⚠️ Noteworthy Changes

• This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

⭐ New Features

• Allow Specifying ConfigData.Options On ConfigDataEnvironmentContributors #​42932

🐞 Bug Fixes

• Executable JAR application class encounters performance issues when classpath URLs reference a host #​46028
• Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46019
• spring.couchbase.authentication.jks.private-key-password has no effect #​46006
• Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46005
• UnboundConfigurationPropertiesException is no longer thrown from IndexedElementsBinder #​45994
• DataSouceBuilder can fail with a NPE when the driver is null #​45992
• JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45980
• ManagementContextAutoConfiguration adds a property source that degrades binding performance #​45968
• ClientHttpConnectorAutoConfiguration fails to load when 'java.net.http.HttpClient' is unavailable #​45955
• It is not possible to opt-out of profile validation or use profile names that contain '.' #​45947
• GraphQlProperties.DeprecatedSse is not annotated as deprecated #​45878
• SpringApplication.setEnvironmentPrefix is ignored when reading MANAGEMENT_SERVER_PORT #​45857
• Write and delete operations no longer work in the Cloud Foundry actuator support with Spring Security due to CSRF protection #​45848
• ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45803
• Binding no longer works with sytem environment properties that are not upper case #​45741
• ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45736
• Default version of Awailitility is not compatible with Kotlin 1.9 baseline #​45673
• Spring Boot 3.5's dependency management should have been upgraded to Lettuce 6.6.0.RELEASE #​45670
• Spring Boot 3.5's dependency management should have been upgraded to Jedis 6.0.0 #​45669
• SAML2 autoconfiguration is not imported by @WebMvcTest #​45666
• Spring Boot 3.5's dependency management should have been upgraded to MongoDB 5.5.0 #​45660

📔 Documentation

• Fix Docker security options links in Packaging OCI images sections #​46021
• Improve documentation for configuring Spring Security with '/error' #​46009
• Timestamps in Retrieving Audit Events examples do not match the accompanying text #​45997
• Add SSL response structure to actuator info endpoint documentation #​45921
• Update javadoc of test slice annotations to suggest MockitoBean rather than MockBean #​45915
• Include configuration classes from all modules in the "Auto-configuration Classes" appendix #​45863
• Links to Testcontainers javadoc for many classes not in the core testcontainers module do not work #​45844
• Update documentation to reflect changes in TestRestTemplate's default redirect behavior #​45842
• Deprecation replacement for spring.codec.* properties has a typo #​45743
• Gradle Shadow Plugin link in the reference guide is outdated #​45740
• Example of using prometheus-metrics-exporter-pushgateway has wrong artifactId #​45684
• Document use of git-commit-id-maven-plugin consistently #​45683
• Update javadoc of Configurer classes that apply sensible defaults to describe how they're typically used #​45656

🔨 Dependency Upgrades

• Upgrade to Build Helper Maven Plugin 3.6.1 #​45827
• Upgrade to Byte Buddy 1.17.6 #​45981
• Upgrade to Caffeine 3.2.1 #​45864
• Upgrade to DB2 JDBC 12.1.2.0 #​45942
• Upgrade to Git Commit ID Maven Plugin 9.0.2 #​45828
• Upgrade to Groovy 4.0.27 #​45829
• Upgrade to Hibernate 6.6.18.Final #​45958
• Upgrade to HttpClient5 5.5 #​46031
• Upgrade to Infinispan 15.2.4.Final #​45943
• Upgrade to Jackson Bom 2.19.1 #​45982
• Upgrade to Jaybird 6.0.2 #​45832
• Upgrade to Jetty 12.0.22 #​45834
• Upgrade to Jetty Reactive HTTPClient 4.0.10 #​45833
• Upgrade to jOOQ 3.19.24 #​45944
• Upgrade to Micrometer 1.15.1 #​45776
• Upgrade to Micrometer Tracing 1.5.1 #​45777
• Upgrade to MongoDB 5.5.1 #​45865
• Upgrade to Netty 4.1.122.Final #​45835
• Upgrade to Postgresql 42.7.7 #​45945
• Upgrade to Prometheus Client 1.3.8 #​45837
• Upgrade to Pulsar 4.0.5 #​45838
• Upgrade to Reactor Bom 2024.0.7 #​45778
• Upgrade to REST Assured 5.5.5 #​45839
• Upgrade to Spring Authorization Server 1.5.1 #​45779
• Upgrade to Spring Data Bom 2025.0.1 #​45780
• Upgrade to Spring Framework 6.2.8 #​45781
• Upgrade to Spring HATEOAS 2.5.1 #​45946
• Upgrade to Spring Kafka 3.3.7 #​45782
• Upgrade to Spring LDAP 3.3.1 #​45783
• Upgrade to Spring Pulsar 1.2.7 #​45784
• Upgrade to Spring RESTDocs 3.0.4 #​45785
• Upgrade to Spring Security 6.5.1 #​45786
• Upgrade to Spring Session 3.5.1 #​45787
• Upgrade to Testcontainers 1.21.2 #​46029
• Upgrade to Tomcat 10.1.42 #​45872
• Upgrade to UnboundID LDAPSDK 7.0.3 #​45983
• Upgrade to XmlUnit2 2.10.2 #​45841
• Upgrade to Zipkin Reporter 3.5.1 #​45826

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Peksa, @​Rutujakolte03, @​chanbinme, @​csbiy, @​davidlj95, @​izeye, @​juliojgd, @​ngocnhan-tran1996, @​nicolasgarea, @​nosan, @​quaff, @​shekharAggarwal, @​tanruian, and @​wonyongg

v3.5.0

Compare Source

Full release notes for Spring Boot 3.5 are available on the wiki.

⭐ New Features

• Make heapdump endpoint restricted by default #​45624
• Remove SSL status tag from metrics #​45602
• Remove 'spring.http.client' deprecation and change 'spring.http.reactiveclient.settings' to 'spring.http.reactiveclient' #​45507

🐞 Bug Fixes

• Unable to override/set nested ConfigurationProperties by passing as a system property #​45639
• ValidationAutoConfiguration triggers early initialization of properties binding #​45618
• Micrometer "enable" annotations property does not cover observed aspect #​45617
• spring.graphql.sse.timeout is no longer exposed #​45613
• SpringApplication.setEnvironmentPrefix is ignored when reading SPRING_PROFILES_ACTIVE #​45549
• IllegalStateException when extracting using layers a module with no code of its own #​45449
• Removed spring.batch.initialize-schema property is still considered #​45380
• ReactorHttpClientBuilder does not offer a factory method to create the HttpClient #​45378
• Suggested values for spring.jpa.hibernate.ddl-auto are not aligned with Hibernate #​45351
• Custom default units declared on a field are ignored when binding properties in a native image #​45347
• DockerRegistryConfigAuthentication uses the wrong serverUrl as a fallback for the Credentials helper #​45345
• Various spring.datasource properties are mistakenly marked as ignored #​45342
• JerseyWebApplicationInitializer always gets loaded, setting a ServletContext initParameter #​45297
• DockerRegistryConfigAuthentication does not align with Docker CLI #​45292
• Unlike the Docker CLI, "\x00" characters are not trimmed from a decoded Docker Registry password #​45290
• CloudFoundry security matcher logs a warning due to use of the 'ignoring()' method #​32622

📔 Documentation

• Document the java info contribution #​45634
• Document the process info contribution #​45632
• Document the os info contribution #​45630
• Document typical spring.application.group and name use #​45628
• Document that bean methods should be static when annotated with @ConfigurationPropertiesBinding #​45626
• Document the way that primary Kotlin constructors are used when binding #​45553
• Improve "profile" reference documentation with additional admonitions #​45551
• Improve setEnvironmentPrefix(...) reference documentation #​45376
• Document all the available Testcontainers integrations #​45367
• Document when a spring.config.import value is relative and when it is fixed #​45363
• Update org.cyclonedx.bom version in docs to 2.3.0 #​45320
• Update link to "Parameter Name Retention" section of Spring Framework's release notes #​45299

🔨 Dependency Upgrades

• Prevent upgrade to Prometheus Client 1.3.7 #​45541
• Upgrade to Couchbase Client 3.8.1 #​45539
• Upgrade to Elasticsearch 8.18.1 #​45447
• Upgrade to GraphQL Java 24.0 #​45588
• Upgrade to Hibernate 6.6.15.Final #​45540
• Upgrade to HttpClient5 5.4.4 #​45462
• Upgrade to Jackson Bom 2.18.4 #​45463
• Upgrade to Jackson Bom 2.19.0 #​45542
• Upgrade to Jetty 12.0.21 #​45519
• Upgrade to jOOQ 3.19.23 #​45465
• Upgrade to Kafka 3.9.1 #​45606
• Upgrade to Micrometer 1.15.0 #​45432
• Upgrade to Micrometer Tracing 1.5.0 #​45433
• Upgrade to Neo4j Java Driver 5.28.5 #​45446
• Upgrade to Netty 4.1.121.Final #​45466
• Upgrade to R2DBC Proxy 1.1.6.RELEASE #​45467
• Upgrade to Reactor Bom 2024.0.6 #​45434
• Upgrade to REST Assured 5.5.2 #​45571
• Upgrade to Spring Authorization Server 1.5.0 #​45435
• Upgrade to Spring Data Bom 2025.0.0 #​45436
• Upgrade to Spring Framework 6.2.7 #​45437
• Upgrade to Spring GraphQL 1.4.0 #​45438
• Upgrade to Spring HATEOAS 2.5.0 #​45559
• Upgrade to Spring Integration 6.5.0 #​45439
• Upgrade to Spring Kafka 3.3.6 #​45440
• Upgrade to Spring LDAP 3.3.0 #​45441
• Upgrade to Spring Pulsar 1.2.6 #​45442
• Upgrade to Spring Retry 2.0.12 #​45443
• Upgrade to Spring Security 6.5.0 #​45444
• Upgrade to Spring Session 3.5.0 #​45560
• Upgrade to Spring WS 4.1.0 #​45445
• Upgrade to Tomcat 10.1.41 #​45520
• Upgrade to XmlUnit2 2.10.1 #​45607

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​ahrytsiuk, @​izeye, @​lhotari, @​ngocnhan-tran1996, @​nosan, @​quaff, @​thecooldrop, and @​yybmion

v3.4.10

Compare Source

v3.4.9

Compare Source

🐞 Bug Fixes

• Hazelcast health indicator reports the wrong status when Hazelcast has shut down due to an out-of-memory error #​46877
• Performance critical tracing code has high overhead due to the use of the Stream API #​46838
• SpringLiquibaseCustomizer is exposed outside its defined visibility scope #​46752
• Race condition in OutputCapture can result in stale data #​46685
• Default value not detected for a field annoted with @Name #​46662
• Memory not freed on context restart in JpaMetamodel#CACHE with spring.main.lazy-initialization=true #​46630
• Property name is incorrect when reporting a mis-configured OAuth 2 Resource Server JWT public key location #​46627
• Missing metadata when using @Name with a constructor-bound property #​46599
• Failure to discover default value for a primitive should not lead to document its default value #​46551

📔 Documentation

• Observability examples in the reference guide are missing the Kotlin version #​46775
• Kotlin samples for configuration metadata are in the wrong package #​46774
• Align method descriptions for SslOptions getCiphers and getEnabledProtocols with @returns #​46756
• Tracing samples in the reference guide are missing the Kotlin version #​46699
• spring-boot-test-autoconfigure should use the configuration properties annotation processor like other modules #​46584
• spring.test.webtestclient.timeout is not documented #​46577
• spring.test.mockmvc properties are not documented #​46576
• Adapt deprecation level for management.health.influxdb.enabled #​46574
• Improve Virtual Threads section to mention the changes in Java 24 #​46547

🔨 Dependency Upgrades

• Upgrade to Angus Mail 2.0.4 #​46711
• Upgrade to Hibernate 6.6.26.Final #​46881
• Upgrade to Hibernate Validator 8.0.3.Final #​46713
• Upgrade to Infinispan 15.0.19.Final #​46847
• Upgrade to Jersey 3.1.11 #​46723
• Upgrade to Jetty 12.0.25 #​46833
• Upgrade to Jetty Reactive HTTPClient 4.0.11 #​46882
• Upgrade to jOOQ 3.19.25 #​46807
• Upgrade to Micrometer 1.14.10 #​46689
• Upgrade to Micrometer Tracing 1.4.9 #​46690
• Upgrade to MySQL 9.4.0 #​46715
• Upgrade to Netty 4.1.124.Final #​46834
• Upgrade to Pulsar 3.3.8 #​46716
• Upgrade to Reactor Bom 2024.0.9 #​46691
• Upgrade to REST Assured 5.5.6 #​46848
• Upgrade to Spring Authorization Server 1.4.5 #​46692
• Upgrade to Spring Data Bom 2024.1.9 #​46693
• Upgrade to Spring Framework 6.2.10 #​46694
• Upgrade to Spring Kafka 3.3.9 #​46870
• Upgrade to Spring LDAP 3.2.14 #​46695
• Upgrade to Spring Pulsar 1.2.9 #​46696
• Upgrade to Spring RESTDocs 3.0.5 #​46919
• Upgrade to Spring Security 6.4.9 #​46697
• Upgrade to Spring Session 3.4.5 #​46698
• Upgrade to Tomcat 10.1.44 #​46724

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Kguswo, @​Pankraz76, @​deejay1, @​ganjisriver, @​izeye, @​nicolasgarea, @​nosan, @​prishedko, @​quaff, @​schmidti159, @​scordio, @​shakuzen, @​tommyk-gears, @​zahra7, and @​zakaria-shahen

v3.4.8

Compare Source

🐞 Bug Fixes

• LambdaSafe.withFilter is not public #​46472
• Executable JAR application class encounters performance issues when used with Palo Alto Network Cortex XDR agent #​46401
• Runtime dependencies are missing from aotCompileClasspath and aotTestCompileClasspath when using Kotlin #​46397
• jdbc.connections.active and jdbc.connections.idle metrics are not available when using Hikari in a native image #​46214
• Hash calculation for uber archive entries that require unpacking is inefficient #​46202
• Permissions are applied inconsistently when building uber archives with Gradle #​46193
• EmbeddedWebServerFactoryCustomizerAutoConfiguration fails when undertow-core is on the classpath and undertow-servlet is not #​46178
• Setting spring.netty.leak-detection has no effect when lazy initialization is enabled #​46164
• Executable JAR application class encounters performance issues #​46063
• developmentOnly and testAndDevelopmentOnly dependencies may prevent implementation dependencies from being included in the uber-jar #​46043
• Binder context does not restore previous source causing missing data on Spring Boot 3.5 or above #​46039
• Setting spring.reactor.context-propagation has no effect when lazy initialization is enabled #​45846

📔 Documentation

• Fix description of spring.batch.job.enabled #​46228
• Fix broken Kotlin examples in reference documentation #​46064

🔨 Dependency Upgrades

• Upgrade to ActiveMQ 6.1.7 #​46385
• Upgrade to GraphQL Java 22.4 #​46394
• Upgrade to Groovy 4.0.28 #​46512
• Upgrade to Hibernate 6.6.22.Final #​46491
• Upgrade to Infinispan 15.0.18.Final #​46462
• Upgrade to Jetty 12.0.23 #​46388
• Upgrade to Micrometer 1.14.9 #​46273
• Upgrade to Micrometer Tracing 1.4.8 #​46274
• Upgrade to MySQL 9.3.0 #​46370
• Upgrade to Neo4j Java Driver 5.28.9 #​46430
• Upgrade to Netty 4.1.123.Final #​46431
• Upgrade to Prometheus Client 1.3.10 #​46389
• Upgrade to Reactor Bom 2024.0.8 #​46275
• Upgrade to RxJava3 3.1.11 #​46390
• Upgrade to Spring AMQP 3.2.6 #​46276
• Upgrade to Spring Data Bom 2024.1.8 #​46277
• Upgrade to Spring Framework 6.2.9 #​46278
• Upgrade to Spring GraphQL 1.3.6 #​46391
• Upgrade to Spring Integration 6.4.6 #​46361
• Upgrade to Spring Kafka 3.3.8 #​46363
• Upgrade to Spring Pulsar 1.2.8 #​46279
• Upgrade to Spring Security 6.4.8 #​46476
• Upgrade to Tomcat 10.1.43 #​46392
• Upgrade to XmlUnit2 2.10.3 #​46393

❤️ Contributors

Thank you to all the contributors who worked on this release:

@​Dockerel, @​PiyalAhmed, @​benelog, @​dmitrysulman, @​izeye, @​nosan, and @​quaff

v3.4.7

Compare Source

⚠️ Noteworthy Changes

• This release upgrades to Tomcat 10.1.42 which has introduced limits for part count and header size in multipart/form-data requests. These limits can be customized using server.tomcat.max-part-count and server.tomcat.max-part-header-size respectively.

🐞 Bug Fixes

• Executable JAR application class encounters performance issues when classpath URLs reference a host #​46027
• Loading from spring.factories may fail with a ClassNotFoundException when the TCCL changes between calls #​46018
• Actuator heapdump endpoint is failing on modern OpenJ9 JVMs #​46004
• DataSouceBuilder can fail with a NPE when the driver is null #​45991
• JSON writer incorrectly escapes forward slash which can cause structure logging issues #​45972
• spring.couchbase.authentication.jks.private-key-password has no effect #​45883
• ConditionalOnAvailableEndpoint does not use the ConditionContext's ClassLoader to load exposure outcome contributors #​45800
• ManagementWebServerFactoryCustomizer and ManagementErrorPageCustomizer should not have the same order #​45728
• SAML2 autoconfiguration is not imported by @WebMvcTest #​45650

📔 Documentation

• Fix Docker security options links in Packaging OCI images sections [#​46020](https://redirect.github.com/spring-projects/spri

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud